diff --git a/current-version.env b/current-version.env
index 3daa8b96a..ee10b4bec 100644
--- a/current-version.env
+++ b/current-version.env
@@ -1,4 +1,4 @@
-EE_VERSION=5.8.1
-CE_VERSION=5.8.1
+EE_VERSION=5.8.2
+CE_VERSION=5.8.2
 EE_MINOR_VERSION=5.8
 CE_MINOR_VERSION=5.8
diff --git a/hocon/hocon-ce-v5.8.2-en.json b/hocon/hocon-ce-v5.8.2-en.json
new file mode 100644
index 000000000..7390bb923
--- /dev/null
+++ b/hocon/hocon-ce-v5.8.2-en.json
@@ -0,0 +1,16329 @@ +{ + "doc" : "", + "hash" : "T-root", + "fields" : [ + { + "refs" : [ + { + "doc" : "MQTT listeners identified by their protocol type and assigned names", + "hash" : "T-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over TCP listener.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "1883" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + } + ], + "text" : "mqtt_tcp_listener" + } + ], + "hash" : "V-listeners-S-listeners-tcp", + "text" : "tcp", + "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "SSL listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over SSL listener.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8883" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "mqtt_ssl_listener" + } + ], + "hash" : "V-listeners-S-listeners-ssl", + "text" : "ssl", + "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTP websocket listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket listener.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8083" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + 
"doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : 
"Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_ws_listener" + } + ], + "hash" : "V-listeners-S-listeners-ws", + "text" : "ws", + "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTPS websocket listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket/SSL listener.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8084" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. 
The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. 
By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, 
+ { + "doc" : "Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_wss_listener" + } + ], + "hash" : "V-listeners-S-listeners-wss", + "text" : "wss", + "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "QUIC listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over QUIC listener.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener", + "fields" : [ + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\nNOTE: QUIC listener supports only 'tlsv1.3' ciphers", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]" + }, + { + "doc" : "TLS options for QUIC transport", + "refs" : [ + { + "doc" : "TLS options for QUIC transport.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "listener_quic_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_quic_ssl_opts)" + }, + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "14567" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. 
The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate", + "text" : "bytes_rate", + "type" : 
"String" + } + ], + "text" : "mqtt_quic_listener" + } + ], + "hash" : "V-listeners-S-listeners-quic", + "text" : "quic", + "type" : "Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "Global MQTT configuration.\nThe configs here work as default values which can be overridden in zone configs", + "refs" : [ + { + "doc" : "Global MQTT configuration.", + "hash" : "T-mqtt-S-mqtt", + "fields" : [ + { + "doc" : "Configure the duration of time that a connection can remain idle (i.e., without any data transfer) before being:\n - Automatically disconnected if no CONNECT package is received from the client yet.\n - Put into hibernation mode to save resources if some CONNECT packages are already received.\nNote: Please set the parameter with caution as long idle time will lead to resource waste.", + "hash" : "V-mqtt-S-mqtt-idle_timeout", + "text" : "idle_timeout", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "\"15s\"" + }, + { + "doc" : "Maximum MQTT packet size allowed. Default: 1 MB, Maximum: 256 MB
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-mqtt-S-mqtt-max_packet_size", + "text" : "max_packet_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Maximum allowed length of MQTT Client ID.", + "hash" : "V-mqtt-S-mqtt-max_clientid_len", + "text" : "max_clientid_len", + "type" : "Integer(23..65535)", + "default" : "65535" + }, + { + "doc" : "Maximum topic levels allowed.", + "hash" : "V-mqtt-S-mqtt-max_topic_levels", + "text" : "max_topic_levels", + "type" : "Integer(1..65535)", + "default" : "128" + }, + { + "doc" : "Maximum topic alias, 0 means no topic alias supported.", + "hash" : "V-mqtt-S-mqtt-max_topic_alias", + "text" : "max_topic_alias", + "type" : "Integer(0..65535)", + "default" : "65535" + }, + { + "doc" : "Whether to enable support for MQTT retained message.", + "hash" : "V-mqtt-S-mqtt-retain_available", + "text" : "retain_available", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to enable support for MQTT wildcard subscription.", + "hash" : "V-mqtt-S-mqtt-wildcard_subscription", + "text" : "wildcard_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to enable support for MQTT shared subscription.", + "hash" : "V-mqtt-S-mqtt-shared_subscription", + "text" : "shared_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Dispatch strategy for shared subscription.\n - `random`: Randomly select a subscriber for dispatch;\n - `round_robin`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each publisher, so two adjacent messages from **different publishers** may be consumed by the same client in the subscription group;\n - `round_robin_per_group`: Clients in a shared subscription group will consume messages in turn, and 
the progress of the loop is recorded independently in each node, so two adjacent messages from **different nodes** may be consumed by the same client in the subscription group;\n - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n - `sticky`: Continuously dispatch messages to the initially selected subscriber until their session ends. The initial selection is made based on `mqtt_shared_subscription_initial_sticky_pick`;\n - `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n - `hash_topic`: Hash the publishing topic to select a subscriber.", + "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy", + "text" : "shared_subscription_strategy", + "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)", + "default" : "round_robin" + }, + { + "doc" : "The strategy to use for the initial subscriber pick when shared_subscription_strategy is `sticky`.\n - `random`: Randomly select the subscriber;\n - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n - `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n - `hash_topic`: Hash the publishing topic to select a subscriber.", + "hash" : "V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick", + "text" : "shared_subscription_initial_sticky_pick", + "type" : "Enum(random,local,hash_topic,hash_clientid)", + "default" : "random" + }, + { + "doc" : "Whether to enable support for MQTT exclusive subscription.", + "hash" : "V-mqtt-S-mqtt-exclusive_subscription", + "text" : "exclusive_subscription", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Whether the messages sent by the MQTT v3.1.1/v3.1.0 client will be looped back to the publisher itself, similar to No Local in MQTT 5.0.", + "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver", + "text" : 
"ignore_loop_deliver", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Whether to parse MQTT messages in strict mode.\nIn strict mode, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected.", + "hash" : "V-mqtt-S-mqtt-strict_mode", + "text" : "strict_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "UTF-8 string, for creating the response topic, for example, if set to reqrsp/, the publisher/subscriber will communicate using the topic prefix reqrsp/.\nTo disable this feature, input \"\" in the text box below. Only applicable to MQTT 5.0 clients.", + "hash" : "V-mqtt-S-mqtt-response_information", + "text" : "response_information", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The keep alive duration required by EMQX. To use the setting from the client side, choose disabled from the drop-down list. Only applicable to MQTT 5.0 clients.", + "hash" : "V-mqtt-S-mqtt-server_keepalive", + "text" : "server_keepalive", + "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))", + "default" : "disabled" + }, + { + "doc" : "Keep-Alive Timeout = Keep-Alive interval × Keep-Alive Multiplier.\nThe default value 1.5 is following the MQTT 5.0 specification. This multiplier is adjustable, providing system administrators flexibility for tailoring to their specific needs. 
For instance, if a client's 10-second Keep-Alive interval PINGREQ gets delayed by an extra 10 seconds, changing the multiplier to 2 lets EMQX tolerate this delay.", + "hash" : "V-mqtt-S-mqtt-keepalive_multiplier", + "text" : "keepalive_multiplier", + "type" : "Number", + "default" : "1.5" + }, + { + "doc" : "The frequency of checking for incoming MQTT packets determines how often the server will check for new MQTT packets.\nIf a certain amount of time passes without any packets being sent from the client, this time will be added up.\nOnce the accumulated time exceeds `keepalive-interval * keepalive-multiplier`, the connection will be terminated.\nThe default is set to 30 seconds, with a minimum value of 1 second and a maximum value of `keepalive-interval / 2`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-keepalive_check_interval", + "text" : "keepalive_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "Retry interval for QoS 1/2 message delivering.", + "hash" : "V-mqtt-S-mqtt-retry_interval", + "text" : "retry_interval", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "Whether to use Username as Client ID.\nThis setting takes effect later than `peer_cert_as_username` and `peer_cert_as_clientid`.", + "hash" : "V-mqtt-S-mqtt-use_username_as_clientid", + "text" : "use_username_as_clientid", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: Content of the DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Username\n- md5: MD5 value of the DER or PEM certificate", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_username", + "text" : "peer_cert_as_username", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. 
Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Client ID\n- md5: MD5 value of the DER or PEM certificate", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid", + "text" : "peer_cert_as_clientid", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a placeholder in a template for authentication and authorization.\nFor example, use `${client_attrs.alias}` to render an HTTP POST body when `set_as_attr = alias`,\nor render listener config `moutpoint = devices/${client_attrs.alias}/` to initialize a per-client topic namespace.", + "refs" : [ + { + "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a placeholder in a template for authentication and authorization.\nFor example, use `${client_attrs.alias}` to render an HTTP POST body when `set_as_attr = alias`,\nor render listener config `moutpoint = devices/${client_attrs.alias}/` to initialize a per-client topic namespace.", + "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init", + "fields" : [ + { + "doc" : "A one line expression to evaluate a set of predefined string functions (like in the rule engine SQL statements).\nThe expression can be a function call with nested calls 
as its arguments, or direct variable reference.\nSo far, it does not provide user-defined variable binding (like `var a=1`) or user-defined functions.\nAs an example, to extract the prefix of client ID delimited by a dot: `nth(1, tokens(clientid, '.'))`.\n\nThe variables pre-bound variables are:\n- `cn`: Client's TLS certificate common name.\n- `dn`: Client's TLS certificate distinguished name (the subject).\n- `clientid`: MQTT Client ID.\n- `username`: MQTT Client's username.\n- `user_property.{NAME}`: User properties in the CONNECT packet.\n\nYou can read more about variform expressions in EMQX docs.", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression", + "text" : "expression", + "type" : "String" + }, + { + "doc" : "The name of the client attribute extracted from the client data.\nThe extracted attribute will be stored in the `client_attrs` property with this name.", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr", + "text" : "set_as_attr", + "type" : "String" + } + ], + "text" : "client_attrs_init" + } + ], + "hash" : "V-mqtt-S-mqtt-client_attrs_init", + "text" : "client_attrs_init", + "type" : "Array(Struct(client_attrs_init))", + "default" : "[]" + }, + { + "doc" : "Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-session_expiry_interval", + "text" : "session_expiry_interval", + "type" : "Duration", + "default" : "\"2h\"" + }, + { + "doc" : "The expiry interval of MQTT messages. For MQTT 5.0 clients, this configuration will only take effect when the `Message-Expiry-Interval` property is not set in the message; otherwise, the value of the `Message-Expiry-Interval` property will be used. For MQTT versions older than 5.0, this configuration will always take effect. Please note that setting `message_expiry_interval` greater than `session_expiry_interval` is meaningless, as all messages will be cleared when the session expires.", + "hash" : "V-mqtt-S-mqtt-message_expiry_interval", + "text" : "message_expiry_interval", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out.", + "hash" : "V-mqtt-S-mqtt-max_awaiting_rel", + "text" : "max_awaiting_rel", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "100" + }, + { + "doc" : "Maximum QoS allowed.", + "hash" : "V-mqtt-S-mqtt-max_qos_allowed", + "text" : "max_qos_allowed", + "type" : "Integer(0..2)", + "default" : "2" + }, + { + "doc" : "Topic priority list. Prioritize messages in the message queue by topic. 
The priority range is `[1, 255]`.\n\nThe larger the value, the higher the priority. Messages with higher priority will be sent first.\n\nTopics not in this list will use the default priority (specified by `mqueue_default_priority`).\n\nBy default, this list is empty, which means all topics have the same priority.\n\nNote: commas and equal signs are not supported in topic names.\n\nFor example, if you want `topic/1` to have a higher priority than `topic/2`, you can configure it like this:\n\n`mqueue_priorities: {\\\"topic/1\\\": 10, \\\"topic/2\\\": 8}`", + "hash" : "V-mqtt-S-mqtt-mqueue_priorities", + "text" : "mqueue_priorities", + "type" : "OneOf(String(\"disabled\"),Map)", + "default" : "disabled" + }, + { + "doc" : "Default topic priority, which will be used by topics not in Topic Priorities (mqueue_priorities).", + "hash" : "V-mqtt-S-mqtt-mqueue_default_priority", + "text" : "mqueue_default_priority", + "type" : "Enum(highest,lowest)", + "default" : "lowest" + }, + { + "doc" : "Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains.", + "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0", + "text" : "mqueue_store_qos0", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum queue length. 
Enqueued messages when persistent client disconnected, or inflight window is full.", + "hash" : "V-mqtt-S-mqtt-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "1000" + }, + { + "doc" : "Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment.", + "hash" : "V-mqtt-S-mqtt-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..65535)", + "default" : "32" + }, + { + "doc" : "Maximum number of subscriptions allowed per client.", + "hash" : "V-mqtt-S-mqtt-max_subscriptions", + "text" : "max_subscriptions", + "type" : "OneOf(Integer(1..inf),String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "Force upgrade of QoS level according to subscription.", + "hash" : "V-mqtt-S-mqtt-upgrade_qos", + "text" : "upgrade_qos", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-await_rel_timeout", + "text" : "await_rel_timeout", + "type" : "Duration", + "default" : "\"300s\"" + } + ], + "text" : "mqtt" + } + ], + "hash" : "V-mqtt", + "text" : "mqtt", + "type" : "Struct(mqtt)" + }, + { + "doc" : "Default authentication configs for all MQTT listeners.\n\nFor per-listener overrides see authentication in listener configs\n\nThis option can be configured with:\n
    \n
  • []: The default value, it allows *ALL* logins
  • \n
  • one: For example {enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
  • \n
  • chain: An array of structs.
  • \n
\n\nWhen a chain is configured, the login credentials are checked against the backends per the configured order, until an 'allow' or 'deny' decision can be made.\n\nIf there is no decision after a full chain exhaustion, the login is rejected.", + "refs" : [ + { + "doc" : "Configuration of authenticator using built-in database as data source.", + "hash" : "T-authentication-S-builtin_db", + "fields" : [ + { + "doc" : "Options for password hash creation and verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm (for DB backends with write capability).", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + }, + { + "doc" : "Work factor for BCRYPT password generation.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds", + "text" : "salt_rounds", + "type" : "Integer(5..10)", + "default" : "10" + } + ], + "text" : "bcrypt_rw" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-builtin_db-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-builtin_db-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Specify whether to use `clientid` or `username` for authentication.", + "hash" : "V-authentication-S-builtin_db-user_id_type", + "text" : "user_id_type", + "type" : "Enum(clientid,username)", + "default" : "username" + }, + { + "doc" : "The bootstrap file imports users into the built-in database.\nIt will not import a user ID that already exists in the database.\nThe file content format is determined by `bootstrap_type`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + 
"default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\"" + }, + { + "doc" : "Specify which type of content the bootstrap file has.\n\n- **`plain`**:\n - Expected data fields: `user_id`, `password`, `is_superuser`\n - `user_id`: Can be Client ID or username, depending on built-in database authentication's `user_id_type` config.\n - `password`: User's plaintext password.\n - `is_superuser`: Boolean, user's administrative status.\n\n- **`hash`**:\n - Expected data fields: `user_id`,`password_hash`,`salt`,`is_superuser`\n - Definitions similar to `plain` type, with `password_hash` and `salt` added for security.\n\nThe content can be either in CSV, or JSON format.\n\nHere is a CSV example: `user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nAnd JSON content should be decoded into an array of objects, for example: `[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\nThe hash string for `password_hash` depends on how `password_hash_algorithm` is configured for the built-in database authentication mechanism. For example, if it's configured as `password_hash_algorithm {name = sha256, salt_position = suffix}`, then the salt is appended to the password before hashed. 
Here is the equivalent Python expression: `hashlib.sha256(password + salt).hexdigest()`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_type", + "text" : "bootstrap_type", + "type" : "Enum(hash,plain)", + "default" : "plain" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "Configuration of authenticator using MySQL as authentication data source.", + "hash" : "T-authentication-S-mysql", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mysql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mysql-backend", + "text" : "backend", + "type" : "String(\"mysql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mysql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "SQL used to query data for authentication, such as password hash.", + "hash" : "V-authentication-S-mysql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "Timeout for the SQL query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mysql-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mysql" + }, + { + "doc" : "Configuration of authenticator using PostgreSQL as authentication data source.", + "hash" : "T-authentication-S-postgresql", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-postgresql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-postgresql-backend", + "text" : "backend", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-postgresql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "SQL used to query data for authentication, such as password hash.", + "hash" : "V-authentication-S-postgresql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-authentication-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "postgresql" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Standalone) as authentication data source.", + "hash" : "T-authentication-S-mongo_single", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_single-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_single-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_single-salt_field", + "text" : "salt_field", + "type" : 
"String", + "default" : "salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_single-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.", + "hash" : "V-authentication-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Replica Set) as authentication data source.", + "hash" : "T-authentication-S-mongo_rs", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_rs-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_rs-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_rs-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_rs-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : 
"salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_rs-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.", + "hash" : "V-authentication-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Read mode.", + "hash" : "V-authentication-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "Name of the replica set.", + "hash" : "V-authentication-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source.", + "hash" : "T-authentication-S-mongo_sharded", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_sharded-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_sharded-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_sharded-salt_field", + "text" : "salt_field", + "type" 
: "String", + "default" : "salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_sharded-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.", + "hash" : "V-authentication-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "Configuration of authenticator using Redis (Standalone) as authentication data source.", + "hash" : "T-authentication-S-redis_single", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_single-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + 
"type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.", + "hash" : "V-authentication-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authentication-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_single" + }, + { + "doc" : "Configuration of authenticator using Redis (Cluster) as authentication data source.", + "hash" : "T-authentication-S-redis_cluster", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_cluster-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_cluster-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + 
"type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.", + "hash" : "V-authentication-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "Configuration of authenticator using Redis (Sentinel) as authentication data source.", + "hash" : "T-authentication-S-redis_sentinel", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_sentinel-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_sentinel-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name", + "text" : 
"name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.", + "hash" : "V-authentication-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "The cluster name in Redis sentinel mode.", + "hash" : "V-authentication-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authentication-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using GET request).", + "hash" : "T-authentication-S-http_get", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "List of HTTP headers (without content-type).", + "hash" : "V-authentication-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-http_get-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-http_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-http_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + } + ], + "text" : "http_get" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using POST request).", + "hash" : "T-authentication-S-http_post", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "List of HTTP Headers.", + "hash" : "V-authentication-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-http_post-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-http_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-http_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + } + ], + "text" : "http_post" + }, + { + "doc" : "Configuration when the JWT for authentication is issued using the HMAC algorithm.", + "hash" : "T-authentication-S-jwt_hmac", + "fields" : [ + { + "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).", + "hash" : "V-authentication-S-jwt_hmac-algorithm", + "text" : "algorithm", + "type" : "Enum(hmac-based)" + }, + { + "doc" : "The key to verify the JWT using HMAC algorithm.", + "hash" : "V-authentication-S-jwt_hmac-secret", + "text" : "secret", + "type" : "String" + }, + { + "doc" : "Whether secret is base64 encoded.", + "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded", + "text" : "secret_base64_encoded", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-jwt_hmac-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. 
A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_hmac-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. 
The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_hmac-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_hmac-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_hmac" + }, + { + "doc" : "Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm.", + "hash" : "T-authentication-S-jwt_public_key", + "fields" : [ + { + "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).", + "hash" : "V-authentication-S-jwt_public_key-algorithm", + "text" : "algorithm", + "type" : "Enum(public-key)" + }, + { + "doc" : "The public key used to verify the JWT.", + "hash" : "V-authentication-S-jwt_public_key-public_key", + "text" : "public_key", + "type" : "String" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-jwt_public_key-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for 
accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_public_key-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. 
The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_public_key-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_public_key-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_public_key" + }, + { + "doc" : "Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint.", + "hash" : "T-authentication-S-jwt_jwks", + "fields" : [ + { + "doc" : "Whether to use JWKS.", + "hash" : "V-authentication-S-jwt_jwks-use_jwks", + "text" : "use_jwks", + "type" : "Enum(true)" + }, + { + "doc" : "JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format.", + "hash" : "V-authentication-S-jwt_jwks-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "List of HTTP headers to send with the JWKS request.", + "hash" : "V-authentication-S-jwt_jwks-headers", + "text" : "headers", + "type" : "Map", + "default" : "{Accept = \"application/json\"}" + }, + { + "doc" : "Size of 
the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-jwt_jwks-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "JWKS refresh interval.", + "hash" : "V-authentication-S-jwt_jwks-refresh_interval", + "text" : "refresh_interval", + "type" : "Integer", + "default" : "300" + }, + { + "doc" : "SSL options.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-jwt_jwks-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-jwt_jwks-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT 
topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_jwks-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_jwks-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_jwks-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_jwks" + }, + { + "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication.", + "hash" : "T-authentication-S-scram", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-scram-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "Backend type.", + "hash" : 
"V-authentication-S-scram-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + } + ], + "text" : "scram" + }, + { + "doc" : "Configuration of authenticator using LDAP as authentication data source.", + "hash" : "T-authentication-S-ldap", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-ldap-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-ldap-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authentication-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authentication-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authentication-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "Authentication method.", + "refs" : [ + { + "doc" : "Authenticate by comparing the hashed password which was provided by the `password attribute`.", + "hash" : "T-authentication-S-ldap-method-S-hash_method", + "fields" : [ + { + "doc" : "Authentication method type.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-type", + "text" : "type", + "type" : "Enum(hash)", + "default" : "hash" + }, + { + "doc" : "Indicates which attribute is used to represent the user's password.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "Indicates which attribute is used to represent whether the user is a superuser.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "hash_method" + }, + { + "doc" : "Authenticate by the LDAP bind operation.", + "hash" : "T-authentication-S-ldap-method-S-bind_method", + "fields" : [ + { + "doc" : "Authentication method type.", + "hash" : "V-authentication-S-ldap-method-S-bind_method-type", + "text" : "type", + "type" : "Enum(bind)", + "default" : "bind" + }, + { + "doc" : "The template for password to bind.", + "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password", + "text" : "bind_password", + "type" : "String", + "default" : "\"${password}\"" + } + ], + "text" : "bind_method" + } + ], + "hash" : 
"V-authentication-S-ldap-method", + "text" : "method", + "type" : "OneOf(Struct(hash_method),Struct(bind_method))" + } + ], + "text" : "ldap" + }, + { + "doc" : "This is a deprecated form, and you should avoid using it.", + "hash" : "T-authentication-S-ldap_deprecated", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-ldap_deprecated-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-ldap_deprecated-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-ldap_deprecated-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-ldap_deprecated-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-ldap_deprecated-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap_deprecated-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authentication-S-ldap_deprecated-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authentication-S-ldap_deprecated-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authentication-S-ldap_deprecated-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap_deprecated-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "Indicates which attribute is used to represent the user's password.", + "hash" : "V-authentication-S-ldap_deprecated-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "Indicates which attribute is used to represent whether the user is a superuser.", + "hash" : "V-authentication-S-ldap_deprecated-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "ldap_deprecated" + } + ], + "hash" : "V-authentication", + "text" : "authentication", + "type" : "Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(ldap_deprecated)))", + "default" : "[]" + }, + { + "doc" : "Authorization a.k.a. ACL.
\nIn EMQX, MQTT client access control is extremely flexible.
\nAn out-of-the-box set of authorization data sources are supported.\nFor example,
\n'file' source is to support concise and yet generic ACL rules in a file;
\n'built_in_database' source can be used to store per-client customizable rule sets,\nnatively in the EMQX node;
\n'http' source to make EMQX call an external HTTP API to make the decision;
\n'PostgreSQL' etc. to look up clients or rules from external databases", + "refs" : [ + { + "doc" : "Settings that control client authorization.", + "hash" : "T-authorization-S-authorization", + "fields" : [ + { + "doc" : "Default access control action if the user or client matches no ACL rules,\nor if no such user or client is found by the configurable authorization\nsources such as built_in_database, an HTTP API, or a query against PostgreSQL.\nFind more details in 'authorization.sources' config.", + "hash" : "V-authorization-S-authorization-no_match", + "text" : "no_match", + "type" : "Enum(allow,deny)", + "default" : "allow" + }, + { + "doc" : "The action when the authorization check rejects an operation.", + "hash" : "V-authorization-S-authorization-deny_action", + "text" : "deny_action", + "type" : "Enum(ignore,disconnect)", + "default" : "ignore" + }, + { + "refs" : [ + { + "doc" : "Settings for the authorization cache.", + "hash" : "T-authorization-S-authorization-cache-S-authz_cache", + "fields" : [ + { + "doc" : "Maximum number of cached items.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size", + "text" : "max_size", + "type" : "Integer(1..1048576)", + "default" : "32" + }, + { + "doc" : "Time to live for the cached data.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl", + "text" : "ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "Exclude caching ACL check results for topics matching the given patterns.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes", + "text" : "excludes", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "authz_cache" + } + ], + "hash" : "V-authorization-S-authorization-cache", + "text" : "cache", + "type" : "Struct(authz_cache)" + }, + { + "doc" : "Authorization data sources.
\nAn array of authorization (ACL) data providers.\nIt is designed as an array, not a hash-map, so the sources can be\nordered to form a chain of access controls.
\n\nWhen authorizing a 'publish' or 'subscribe' action, the configured\nsources are checked in order. When checking an ACL source,\nin case the client (identified by username or client ID) is not found,\nit moves on to the next source. And it stops immediately\nonce an 'allow' or 'deny' decision is returned.
\n\nIf the client is not found in any of the sources,\nthe default action configured in 'authorization.no_match' is applied.
\n\nNOTE:\nThe source elements are identified by their 'type'.\nIt is NOT allowed to configure two or more sources of the same type.", + "refs" : [ + { + "doc" : "Authorization using a static file.", + "hash" : "T-authorization-S-authorization-sources-S-file", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-file-type", + "text" : "type", + "type" : "String(\"file\")" + }, + { + "doc" : "Path to the file which contains the ACL rules.\nIf the file provisioned before starting EMQX node,\nit can be placed anywhere as long as EMQX has read access to it.\nThat is, EMQX will treat it as read only.\n\nIn case the rule-set is created or updated from EMQX Dashboard or HTTP API,\na new file will be created and placed in `authz` subdirectory inside EMQX's `data_dir`,\nand the old file will not be used anymore.", + "hash" : "V-authorization-S-authorization-sources-S-file-path", + "text" : "path", + "type" : "String" + } + ], + "text" : "file" + }, + { + "doc" : "Authorization using a built-in database (mnesia).", + "hash" : "T-authorization-S-authorization-sources-S-builtin_db", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type", + "text" : "type", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Maximum number of rules per client/user. 
Note that performance may decrease as number of rules increases.", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules", + "text" : "max_rules", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "Authorization using an external HTTP server (via GET requests).", + "hash" : "T-authorization-S-authorization-sources-S-http_get", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the auth server.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request timeout.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "List of HTTP headers (without content-type).", + "hash" : "V-authorization-S-authorization-sources-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_get" + }, + { + "doc" : "Authorization using an external HTTP server (via POST requests).", + "hash" : "T-authorization-S-authorization-sources-S-http_post", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the auth server.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request timeout.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "List of HTTP Headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_post" + }, + { + "doc" : "Authorization using a single Redis instance.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_single" + }, + { + "doc" : "Authorization using a Redis Sentinel.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel mode. 
Must be set to 'sentinel' when Redis server is running in sentinel mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "The cluster name in Redis sentinel mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "Authorization using a Redis cluster.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster mode. 
Must be set to 'cluster' when Redis server is running in clustered mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "Authorization using a MySQL database.", + "hash" : "T-authorization-S-authorization-sources-S-mysql", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-type", + "text" : "type", + "type" : "String(\"mysql\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Key-value list of SQL prepared statements.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "mysql" + }, + { + "doc" : "Authorization using a PostgreSQL database.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-type", + "text" : "type", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Key-value list of SQL prepared statements.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "postgresql" + }, + { + "doc" : "Authorization using a single MongoDB instance.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "Authorization using a MongoDB replica set.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Read mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "Name of the replica set.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for 
authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "Authorization using a sharded MongoDB cluster.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "AuthZ with LDAP", + "hash" : "T-authorization-S-authorization-sources-S-ldap", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-type", + "text" : "type", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Indicates which attribute is used to represent the allowed topics list of the `publish`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute", + "text" : "publish_attribute", + "type" : "String", + "default" : "mqttPublishTopic" + }, + { + "doc" : "Indicates which attribute is used to represent the allowed topics list of the `subscribe`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute", + "text" : "subscribe_attribute", + "type" : "String", + "default" : "mqttSubscriptionTopic" + }, + { + "doc" : "Indicates which attribute is used to represent the both allowed topics list of `publish` and `subscribe`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute", + "text" : "all_attribute", + "type" : "String", + "default" : "mqttPubSubTopic" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-authorization-S-authorization-sources", + "text" : "sources", + "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))", + "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]" + } + ], + "text" : "authorization" + } + ], + "hash" : "V-authorization", + "text" : "authorization", + "type" : "Struct(authorization)" + }, + { + "refs" : [ + { + "doc" : "Node name, cookie, config & data directories and the Erlang virtual machine (BEAM) boot parameters.", + "hash" : "T-node-S-node", + "fields" : [ + { + "doc" : "Unique name of the EMQX node. It must follow %name%@FQDN or\n%name%@IPv4 format.", + "hash" : "V-node-S-node-name", + "text" : "name", + "type" : "String", + "default" : "\"emqx@127.0.0.1\"" + }, + { + "doc" : "Secret cookie is a random string that should be the same on all nodes in\nthe given EMQX cluster, but unique per EMQX cluster. 
It is used to prevent EMQX nodes that\nbelong to different clusters from accidentally connecting to each other.", + "hash" : "V-node-S-node-cookie", + "text" : "cookie", + "type" : "String" + }, + { + "doc" : "Maximum number of simultaneously open files and sockets for this Erlang system.\nFor more information, see: https://www.erlang.org/doc/man/erl.html", + "hash" : "V-node-S-node-max_ports", + "text" : "max_ports", + "type" : "Integer(1024..134217727)", + "default" : "1048576" + }, + { + "doc" : "Erlang's distribution buffer busy limit in kilobytes.", + "hash" : "V-node-S-node-dist_buffer_size", + "text" : "dist_buffer_size", + "type" : "Integer(1..2097151)", + "default" : "8192" + }, + { + "doc" : "Path to the persistent data directory.
\nPossible auto-created subdirectories are:
\n- `mnesia/`: EMQX's built-in database directory.
\nFor example, `mnesia/emqx@127.0.0.1`.
\nThere should be only one such subdirectory.
\nMeaning, in case the node is to be renamed (to e.g. `emqx@10.0.1.1`),
\nthe old dir should be deleted first.
\n- `configs`: Generated configs at boot time, and cluster/local override configs.
\n- `patches`: Hot-patch beam files are to be placed here.
\n- `trace`: Trace log files.
\n\n**NOTE**: One data dir cannot be shared by two or more EMQX nodes.", + "hash" : "V-node-S-node-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "Periodic garbage collection interval. Set to disabled to have it disabled.", + "hash" : "V-node-S-node-global_gc_interval", + "text" : "global_gc_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"15m\"" + }, + { + "doc" : "Select a node role.
\ncore nodes provide durability of the data, and take care of writes.\nIt is recommended to place core nodes in different racks or different availability zones.
\nreplicant nodes are ephemeral worker nodes. Removing them from the cluster\ndoesn't affect database redundancy
\nIt is recommended to have more replicant nodes than core nodes.
\nNote: this parameter only takes effect when the backend is set\nto rlog.", + "hash" : "V-node-S-node-role", + "aliases" : [ + "db_role" + ], + "text" : "role", + "type" : "Enum(core)", + "default" : "core" + } + ], + "text" : "node" + } + ], + "hash" : "V-node", + "text" : "node", + "type" : "Struct(node)" + }, + { + "refs" : [ + { + "doc" : "EMQX nodes can form a cluster to scale up the total capacity.
\n Here holds the configs to instruct how individual nodes can discover each other.", + "hash" : "T-cluster-S-cluster", + "fields" : [ + { + "doc" : "Human-friendly name of the EMQX cluster.", + "hash" : "V-cluster-S-cluster-name", + "text" : "name", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "Service discovery method for the cluster nodes. Possible values are:\n- manual: Use emqx ctl cluster command to manage cluster.
\n- static: Configure static nodes list by setting seeds in config file.
\n- dns: Use DNS A record to discover peer nodes.
\n- etcd: Use etcd to discover peer nodes.
\n- k8s: Use Kubernetes API to discover peer pods.", + "hash" : "V-cluster-S-cluster-discovery_strategy", + "text" : "discovery_strategy", + "type" : "Enum(manual,static,singleton,dns,etcd,k8s)", + "default" : "manual" + }, + { + "doc" : "Remove disconnected nodes from the cluster after this interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-autoclean", + "text" : "autoclean", + "type" : "Duration", + "default" : "\"24h\"" + }, + { + "doc" : "If true, the node will try to heal network partitions automatically.", + "hash" : "V-cluster-S-cluster-autoheal", + "text" : "autoheal", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The Erlang distribution protocol for the cluster.
\n- inet_tcp: IPv4 TCP
\n- inet_tls: IPv4 TLS, works together with etc/ssl_dist.conf
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, works together with etc/ssl_dist.conf", + "hash" : "V-cluster-S-cluster-proto_dist", + "text" : "proto_dist", + "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)", + "default" : "inet_tcp" + }, + { + "refs" : [ + { + "doc" : "Service discovery via static nodes.\nThe new node joins the cluster by connecting to one of the bootstrap nodes.", + "hash" : "T-cluster-S-cluster-static-S-cluster_static", + "fields" : [ + { + "doc" : "List EMQX node names in the static cluster. See node.name.", + "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds", + "text" : "seeds", + "type" : "OneOf(String,Array(String))", + "default" : "[]" + } + ], + "text" : "cluster_static" + } + ], + "hash" : "V-cluster-S-cluster-static", + "text" : "static", + "type" : "Struct(cluster_static)" + }, + { + "refs" : [ + { + "doc" : "Service discovery via DNS SRV records.", + "hash" : "T-cluster-S-cluster-dns-S-cluster_dns", + "fields" : [ + { + "doc" : "The domain name from which to discover peer EMQX nodes' IP addresses.\nApplicable when cluster.discovery_strategy = dns", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name", + "text" : "name", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "DNS record type.", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type", + "text" : "record_type", + "type" : "Enum(a,aaaa,srv)", + "default" : "a" + } + ], + "text" : "cluster_dns" + } + ], + "hash" : "V-cluster-S-cluster-dns", + "text" : "dns", + "type" : "Struct(cluster_dns)" + }, + { + "refs" : [ + { + "doc" : "Service discovery using 'etcd' service.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd", + "fields" : [ + { + "doc" : "List of endpoint URLs of the etcd cluster", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Key prefix used for EMQX service discovery.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix", + "text" : "prefix", + "type" : 
"String", + "default" : "emqxcl" + }, + { + "doc" : "Expiration time of the etcd key associated with the node.\nIt is refreshed automatically, as long as the node is alive.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl", + "text" : "node_ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "Options for the TLS connection to the etcd cluster.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options", + "aliases" : [ + "ssl" + ], + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "cluster_etcd" + } + ], + "hash" : "V-cluster-S-cluster-etcd", + "text" : "etcd", + "type" : "Struct(cluster_etcd)" + }, + { + "refs" : [ + { + "doc" : "Service discovery via Kubernetes API server.", + "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s", + "fields" : [ + { + "doc" : "Kubernetes API endpoint URL.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver", + "text" : "apiserver", + "type" : "String", + "default" : "\"https://kubernetes.default.svc:443\"" + }, + { + "doc" : "EMQX broker service name.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name", + "text" : "service_name", + "type" : "String", + "default" : "emqx" + }, + { + "doc" : "Address type used for connecting to the discovered nodes.\nSetting cluster.k8s.address_type to ip will\nmake EMQX to discover IP addresses of peer nodes from Kubernetes API.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type", + "text" : "address_type", + "type" : "Enum(ip,dns,hostname)", + "default" : "ip" + }, + { + "doc" : "Kubernetes namespace.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace", + "text" : "namespace", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Node name suffix.
\nNote: this parameter is only relevant when address_type is dns\nor hostname.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix", + "text" : "suffix", + "type" : "String", + "default" : "\"pod.local\"" + } + ], + "text" : "cluster_k8s" + } + ], + "hash" : "V-cluster-S-cluster-k8s", + "text" : "k8s", + "type" : "Struct(cluster_k8s)" + } + ], + "text" : "cluster" + } + ], + "hash" : "V-cluster", + "text" : "cluster", + "type" : "Struct(cluster)" + }, + { + "doc" : "EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.\nThe system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:\n\n- `file`: Directs log output exclusively to files.\n- `console`: Channels log output solely to the console.\n\nIt's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd's `emqx.service` file.\nIn scenarios outside systemd initiation, `console` serves as the default log handler.", + "refs" : [ + { + "doc" : "EMQX supports multiple log handlers, one console handler and multiple file handlers.\nEMQX by default logs to console when running in docker or in console/foreground mode,\notherwise it logs to file $EMQX_LOG_DIR/emqx.log.\nFor advanced configuration, you can find more parameters in this section.", + "hash" : "T-log-S-log", + "fields" : [ + { + "refs" : [ + { + "doc" : "Log handler that prints log events to the EMQX console.", + "hash" : "T-log-S-log-console-S-console_handler", + "fields" : [ + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-console-S-console_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Enable this log handler.", + "hash" : 
"V-log-S-log-console-S-console_handler-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Choose log formatter. text for free text, and json for structured logging.", + "hash" : "V-log-S-log-console-S-console_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-console-S-console_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-console-S-console_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-console-S-console_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "console_handler" + } + ], + "hash" : "V-log-S-log-console", + "aliases" : [ + "console_handler" + ], + "text" : "console", + "type" : "Struct(console_handler)" + }, + { + "doc" : "File-based log handlers.", + "refs" : [ + { + "doc" : "Log handler that prints log events to files.", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "Name the log file.", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "Maximum number of log files.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Choose log formatter. 
text for free text, and json for structured logging.", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + }, + { + "doc" : "Log handler that prints log events to files.", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "Name the log file.", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "Maximum number of log files.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Choose log formatter. text for free text, and json for structured logging.", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. 
`epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + } + ], + "hash" : "V-log-S-log-file", + "aliases" : [ + "file_handlers" + ], + "text" : "file", + "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))", + "default" : "{level = warning}" + }, + { + "refs" : [ + { + "doc" : "Log throttling feature reduces the number of potentially flooding logged events by\ndropping all but the first event within a configured time window.\nThe throttling is automatically disabled if `console` or `file` log level is set to debug.", + "hash" : "T-log-S-log-throttling-S-log_throttling", + "fields" : [ + { + "doc" : "This configuration setting controls the logging behavior for throttled messages,\nincluding, but not limited to messages like 'authorization_permission_denied'.\nWithin each defined time window, only one instance of a throttled message will be logged to prevent log flooding.\nAt the conclusion of each time window, a summary log will be generated, detailing the occurrence of any throttled messages during that period.\nIt's important to note that the shortest effective time window for this setting is 1 second (`1s`).\nShould a value lower than `1s` be specified, it will automatically be adjusted to `1s`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-log-S-log-throttling-S-log_throttling-time_window", + "text" : "time_window", + "type" : "Duration(s)", + "default" : "\"1m\"" + } + ], + "text" : "log_throttling" + } + ], + "hash" : "V-log-S-log-throttling", + "text" : "throttling", + "type" : "Struct(log_throttling)" + } + ], + "text" : "log" + } + ], + "hash" : "V-log", + "text" : "log", + "type" : "Struct(log)" + }, + { + "refs" : [ + { + "doc" : "EMQX uses a library called gen_rpc for inter-broker communication.
\nMost of the time the default config should work,\nbut in case you need to do performance fine-tuning or experiment a bit,\nthis is where to look.", + "hash" : "T-rpc-S-rpc", + "fields" : [ + { + "doc" : "In sync mode the sending side waits for the ack from the receiving side.", + "hash" : "V-rpc-S-rpc-mode", + "text" : "mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Transport protocol used for inter-broker communication", + "hash" : "V-rpc-S-rpc-protocol", + "aliases" : [ + "driver" + ], + "text" : "protocol", + "type" : "Enum(tcp,ssl)", + "default" : "tcp" + }, + { + "doc" : "The maximum number of batch messages sent in asynchronous mode.\n Note that this configuration does not work in synchronous mode.", + "hash" : "V-rpc-S-rpc-async_batch_size", + "text" : "async_batch_size", + "type" : "Integer", + "default" : "256" + }, + { + "doc" : "manual: discover ports by server_port.
\nstateless: discover ports in a stateless manner, using the following algorithm.\nIf node name is emqxN@127.0.0.1, where the N is an integer,\nthen the listening port will be 5370 + N.\nNOTE: when `port_discovery` is `manual`, `server_port` configuration has no effect.", + "hash" : "V-rpc-S-rpc-port_discovery", + "text" : "port_discovery", + "type" : "Enum(manual,stateless)", + "default" : "stateless" + }, + { + "doc" : "Listening port used by RPC local service.
\nNote that this config only takes effect when rpc.port_discovery is set to manual.", + "hash" : "V-rpc-S-rpc-server_port", + "aliases" : [ + "tcp_server_port", + "ssl_server_port" + ], + "text" : "server_port", + "type" : "Integer(1..+inf)", + "default" : "5369" + }, + { + "doc" : "Set the maximum number of RPC communication channels initiated by this node to each remote node.", + "hash" : "V-rpc-S-rpc-client_num", + "aliases" : [ + "tcp_client_num" + ], + "text" : "client_num", + "type" : "Integer(1..256)", + "default" : "10" + }, + { + "doc" : "Timeout for establishing an RPC connection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to TLS certificate file used to validate identity of the cluster nodes.\nNote that this config only takes effect when rpc.driver is set to ssl.", + "hash" : "V-rpc-S-rpc-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "Path to the private key file for the rpc.certfile.
\nNote: contents of this file are secret, so it's necessary to set permissions to 600.", + "hash" : "V-rpc-S-rpc-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Path to certification authority TLS certificate file used to validate rpc.certfile.
\nNote: certificates of all nodes in the cluster must be signed by the same CA.", + "hash" : "V-rpc-S-rpc-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Timeout for sending the RPC request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Timeout for the remote node authentication.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-authentication_timeout", + "text" : "authentication_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Timeout for the reply to a synchronous RPC.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-call_receive_timeout", + "text" : "call_receive_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPIDLE` socket option. The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-socket_keepalive_idle", + "text" : "socket_keepalive_idle", + "type" : "Duration(s)", + "default" : "\"15m\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPINTVL` socket option. The time (in seconds) between individual keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-socket_keepalive_interval", + "text" : "socket_keepalive_interval", + "type" : "Duration(s)", + "default" : "\"75s\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPCNT` socket option. The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end.", + "hash" : "V-rpc-S-rpc-socket_keepalive_count", + "text" : "socket_keepalive_count", + "type" : "Integer", + "default" : "9" + }, + { + "doc" : "TCP tuning parameters. TCP sending buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_sndbuf", + "text" : "socket_sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP tuning parameters. TCP receiving buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_recbuf", + "text" : "socket_recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP tuning parameters. Socket buffer size in user mode.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_buffer", + "text" : "socket_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Enable compatibility with old RPC authentication.", + "hash" : "V-rpc-S-rpc-insecure_fallback", + "text" : "insecure_fallback", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-rpc-S-rpc-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-rpc-S-rpc-tls_versions", + "text" : "tls_versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "Indicates the IP address for the RPC server to listen on. For example, use \"0.0.0.0\" for IPv4 or \"::\" for IPv6.", + "hash" : "V-rpc-S-rpc-listen_address", + "text" : "listen_address", + "type" : "String", + "default" : "\"0.0.0.0\"" + }, + { + "doc" : "This setting is effective only when rpc.listen_address is assigned an IPv6 address.\nIf set to true, the RPC client will exclusively use IPv6 for connections.\nOtherwise, the client might opt for IPv4, even if the server is on IPv6.", + "hash" : "V-rpc-S-rpc-ipv6_only", + "text" : "ipv6_only", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "rpc" + } + ], + "hash" : "V-rpc", + "text" : "rpc", + "type" : "Struct(rpc)" + }, + { + "doc" : "System topics configuration.", + "refs" : [ + { + "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics.", + "hash" : "T-sys_topics-S-sys_topics", + "fields" : [ + { + "doc" : "Time interval for publishing following system messages:\n - `$SYS/brokers`\n - `$SYS/brokers//version`\n - `$SYS/brokers//sysdescr`\n - `$SYS/brokers//stats/`\n - `$SYS/brokers//metrics/`", + "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval", + "text" : "sys_msg_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"1m\"" + }, + { + "doc" : "Time interval for publishing following heartbeat messages:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`", + "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval", + "text" : "sys_heartbeat_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"30s\"" + }, + { + "doc" : 
"Client events messages.", + "refs" : [ + { + "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n", + "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names", + "fields" : [ + { + "doc" : "Enable to publish client connected event messages", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected", + "text" : "client_connected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable to publish client disconnected event messages.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected", + "text" : "client_disconnected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable to publish event message that client subscribed a topic successfully.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed", + "text" : "client_subscribed", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable to publish event message that client unsubscribed a topic successfully.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed", + "text" : "client_unsubscribed", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "event_names" + } + ], + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages", + "text" : "sys_event_messages", + "type" : "Struct(event_names)" + } + ], + "text" : "sys_topics" + } + ], + "hash" : "V-sys_topics", + "text" : "sys_topics", + "type" : "Struct(sys_topics)" + }, + { + "refs" : [ + { + "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message 
mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.", + "hash" : "T-force_shutdown-S-force_shutdown", + "fields" : [ + { + "doc" : "EMQX creates at least one lightweight process for each client connection.\n\nEach process has its own message queue (aka mailbox) to hold messages from other processes (e.g. MQTT messages) so that the process can read messages from the message queue (mailbox) at any time.\n\nIf the system is busy or the process hangs due to a busy socket (see `high_watermark`), the message queue can accumulate many messages.\n\nTo avoid excessive memory usage, EMQX will force a process to shut down when the length of its message queue exceeds `max_mailbox_size`.", + "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size", + "aliases" : [ + "max_message_queue_len" + ], + "text" : "max_mailbox_size", + "type" : "Integer(0..inf)", + "default" : "1000" + }, + { + "doc" : "The maximum heap size of the process. If the `force_shutdown` is enabled, processes that exceed this limit will automatically exit or be forcibly killed. Messages in the process message queue (mailbox) are also part of the heap. The shutdown of a process can be divided into the following two situations:\n\n- The process actively checks the current heap size during its own operation, and actively exits after finding that it exceeds the limit.\n- The underlying scheduling system checks the current heap size after performing garbage collection for the process, and forcibly kills the process after finding that it exceeds the limit.\n\nNote: The Error logs generated by the above two will be different. The log generated by the former is similar to `...errorContext: connection_shutdown, reason: #{max => 2097152, reason => proc_heap_too_large, value => 2787348}..`,\nand the log generated by the latter is similar to `...Context: maximum heap size reached...`.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size", + "text" : "max_heap_size", + "type" : "Bytesize", + "default" : "\"32MB\"" + } + ], + "text" : "force_shutdown" + } + ], + "hash" : "V-force_shutdown", + "text" : "force_shutdown", + "type" : "Struct(force_shutdown)" + }, + { + "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc.", + "refs" : [ + { + "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc.", + "hash" : "T-durable_storage-S-durable_storage", + "fields" : [ + { + "doc" : "Configuration related to the durable storage of MQTT messages.", + "refs" : [ + { + "doc" : "Builtin storage backend utilizing embedded RocksDB key-value store.\nThis backend doesn't support clustering.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend", + "text" : "backend", + "type" : "String(\"builtin_local\")", + "default" : "builtin_local" + }, + { + "doc" : "File system directory where the database is located.\n\nBy default, it is equal to `node.data_dir`.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "The built-in durable storage partitions data into shards.\nThis configuration parameter defines the number of shards.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.", + "hash" : 
"V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards", + "text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "Storage layout is a method of arranging messages from various topics and clients on disc.\n\nDepending on the type of workload and the topic structure, different types of strategies for storing the data can be employed to maximize efficiency of reading messages from the durable storage.", + "refs" : [ + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : "String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, 
`sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "A simplistic layout type that stores all messages from all topics in chronological order in a single stream.\n\nNot recommended for production use.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "Reference layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type", + "text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_local" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages", + "text" : "messages", + "type" : "OneOf(Struct(builtin_local))", + "default" : "{backend = builtin_local}" + } + ], + "text" : "durable_storage" + } + ], + "hash" : "V-durable_storage", + 
"text" : "durable_storage", + "type" : "Struct(durable_storage)" + }, + { + "refs" : [ + { + "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.", + "hash" : "T-force_gc-S-force_gc", + "fields" : [ + { + "doc" : "GC the process after this many received messages.", + "hash" : "V-force_gc-S-force_gc-count", + "text" : "count", + "type" : "Integer(0..inf)", + "default" : "16000" + }, + { + "doc" : "GC the process after specified number of bytes have passed through.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-force_gc-S-force_gc-bytes", + "text" : "bytes", + "type" : "Bytesize", + "default" : "\"16MB\"" + } + ], + "text" : "force_gc" + } + ], + "hash" : "V-force_gc", + "text" : "force_gc", + "type" : "Struct(force_gc)" + }, + { + "refs" : [ + { + "doc" : "Features related to system monitoring and introspection.", + "hash" : "T-sysmon-S-sysmon", + "fields" : [ + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.", + "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm", + "fields" : [ + { + "doc" : "The time interval for the periodic process count limit check, used together with `process_high_watermark` and `process_low_watermark`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval", + "text" : "process_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is raised.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark", + "text" : "process_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is cleared.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark", + "text" : "process_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "When an Erlang process spends long time to perform garbage collection, a warning level long_gc log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_gc.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc", + "text" : "long_gc", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "When the Erlang VM detect a task scheduled for too long, a warning level 'long_schedule' log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_schedule.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule", + "text" : "long_schedule", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : 
"\"240ms\"" + }, + { + "doc" : "When the heap memory occupied by a process exceeds the size specified by `large_heap`, the system will write a warning level `large_heap` log, and an MQTT message will be published to the system topic `$SYS/sysmon/large_heap`.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap", + "text" : "large_heap", + "type" : "OneOf(String(\"disabled\"),Bytesize)", + "default" : "\"32MB\"" + }, + { + "doc" : "When the RPC connection used to communicate with other nodes in the cluster is overloaded,\nthere will be a busy_dist_port warning log,\nand an MQTT message is published to system topic $SYS/sysmon/busy_dist_port.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port", + "text" : "busy_dist_port", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When a port (e.g. TCP socket) is overloaded, there will be a busy_port warning log,\nand an MQTT message is published to the system topic $SYS/sysmon/busy_port.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port", + "text" : "busy_port", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "sysmon_vm" + } + ], + "hash" : "V-sysmon-S-sysmon-vm", + "text" : "vm", + "type" : "Struct(sysmon_vm)" + }, + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.", + "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os", + "fields" : [ + { + "doc" : "The time interval for the periodic CPU check. Disabled on Windows platform.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval", + "text" : "cpu_check_interval", + "type" : "Duration", + "default" : "\"60s\"" + }, + { + "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is raised. Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark", + "text" : "cpu_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is cleared. Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark", + "text" : "cpu_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "The time interval for the periodic memory check. Disabled on Windows platform.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval", + "text" : "mem_check_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated before the corresponding alarm is raised. 
Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark", + "text" : "sysmem_high_watermark", + "type" : "String", + "default" : "\"70%\"" + }, + { + "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated by one Erlang process before\n the corresponding alarm is raised. Disabled on Windows platform.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark", + "text" : "procmem_high_watermark", + "type" : "String", + "default" : "\"5%\"" + } + ], + "text" : "sysmon_os" + } + ], + "hash" : "V-sysmon-S-sysmon-os", + "text" : "os", + "type" : "Struct(sysmon_os)" + } + ], + "text" : "sysmon" + } + ], + "hash" : "V-sysmon", + "text" : "sysmon", + "type" : "Struct(sysmon)" + }, + { + "refs" : [ + { + "doc" : "Settings for the alarms.", + "hash" : "T-alarm-S-alarm", + "fields" : [ + { + "doc" : "The actions triggered when the alarm is activated.
Currently, the following actions are supported: log and publish.\nlog is to write the alarm to log (console or file).\npublish is to publish the alarm as an MQTT message to the system topics:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate", + "hash" : "V-alarm-S-alarm-actions", + "text" : "actions", + "type" : "Array(Enum(log,publish))", + "default" : "[log, publish]" + }, + { + "doc" : "The maximum number of historical alarms that can be stored.\n\nWhen the maximum number is reached, the oldest historical alarms will be deleted to store new historical alarms.", + "hash" : "V-alarm-S-alarm-size_limit", + "text" : "size_limit", + "type" : "Integer(1..3000)", + "default" : "1000" + }, + { + "doc" : "The validity period of historical alarms. Calculated from the time of activation of the historical alarm instead of the time of cancelation.\n\nIf it exists longer than the validity period, the alarm will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-alarm-S-alarm-validity_period", + "text" : "validity_period", + "type" : "Duration", + "default" : "\"24h\"" + } + ], + "text" : "alarm" + } + ], + "hash" : "V-alarm", + "text" : "alarm", + "type" : "Struct(alarm)" + }, + { + "refs" : [ + { + "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.", + "hash" : "T-flapping_detect-S-flapping_detect", + "fields" : [ + { + "doc" : "Enable flapping connection detection feature.", + "hash" : "V-flapping_detect-S-flapping_detect-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The time window for flapping detection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-flapping_detect-S-flapping_detect-window_time", + "text" : "window_time", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "The maximum number of disconnects allowed for a MQTT Client in `window_time`", + "hash" : "V-flapping_detect-S-flapping_detect-max_count", + "text" : "max_count", + "type" : "Integer(0..+inf)", + "default" : "15" + }, + { + "doc" : "How long the flapping clientid will be banned.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-flapping_detect-S-flapping_detect-ban_time", + "text" : "ban_time", + "type" : "Duration", + "default" : "\"5m\"" + } + ], + "text" : "flapping_detect" + } + ], + "hash" : "V-flapping_detect", + "text" : "flapping_detect", + "type" : "Struct(flapping_detect)" + }, + { + "refs" : [ + { + "doc" : "Settings related to the durable session feature.", + "hash" : "T-durable_sessions-S-durable_sessions", + "fields" : [ + { + "doc" : "Use durable storage for client sessions persistence.\nIf enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.\n\n:::warning\nMessages sent to the durable sessions are saved on disc.\nThis inevitably limits the overall throughput of the system.\n:::", + "hash" : "V-durable_sessions-S-durable_sessions-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "This value affects the flow control for the persistent sessions.\nPersistent session queries the durable message storage in batches.\nThis value specifies size of the batch.\n\nNote: larger batches generally improve the throughput and overall performance of the system, but increase RAM usage per client.", + "hash" : "V-durable_sessions-S-durable_sessions-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Expiry interval for poll requests sent by durable sessions to the storage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval", + "text" : "idle_poll_interval", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Durable sessions back up their state on disc every heartbeat interval.\n\nHeartbeat interval is also taken into account during garbage collection of expired sessions.\nIt is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval", + "text" : "heartbeat_interval", + "type" : "Duration", + "default" : "\"5000ms\"" + }, + { + "doc" : "The interval at which session garbage collection is executed for persistent sessions.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval", + "text" : "session_gc_interval", + "type" : "Duration", + "default" : "\"10m\"" + }, + { + "doc" : "The size of each batch of expired persistent sessions to be garbage collected per iteration.", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size", + "text" : "session_gc_batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Broker keeps messages sent to the durable sessions for this period of time.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period", + "text" : "message_retention_period", + "type" : "Duration", + "default" : "\"1d\"" + } + ], + "text" : "durable_sessions" + } + ], + "hash" : "V-durable_sessions", + "text" : "durable_sessions", + "type" : "Struct(durable_sessions)" + }, + { + "refs" : [ + { + "doc" : "Connectors that are used to connect to external systems", + "hash" : "T-connectors-S-connectors", + "fields" : [ + { + "doc" : "HTTP Connector Config", + "refs" : [ + { + "doc" : "Configuration for an HTTP action.", + "hash" : "T-connectors-S-connectors-http-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The URL of the HTTP action.
\nTemplate with variables is allowed in the path, but variables cannot be used in the scheme, host,\nor port part.
\nFor example, http://localhost:9901/${topic} is allowed, but\n http://${host}:9901/message or http://localhost:${port}/message \nis not allowed.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.3.2.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-request", + "text" : "request", + "type" : "Map" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-http", + "text" : "http", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MQTT Connector Config", + "refs" : [ + { + "doc" : "Configurations for an MQTT connector.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Size of the pool of MQTT clients that will publish messages to the remote broker.
\nEach MQTT client will be assigned 'clientid' of the form '${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\nwhere 'n' is the number of a client inside the pool.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Deprecated since v5.1.0 & e5.1.0.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode", + "text" : "mode", + "type" : "Enum(cluster_shareload)" + }, + { + "doc" : "The host and port of the remote MQTT broker", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Optional prefix to prepend to the clientid used by egress bridges.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix", + "text" : "clientid_prefix", + "type" : "String" + }, + { + "doc" : "Deprecated since v5.0.16.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval", + "text" : "reconnect_interval", + "type" : "String" + }, + { + "doc" : "The MQTT protocol version", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver", + "text" : "proto_ver", + "type" : "Enum(v3,v4,v5)", + "default" : "v4" + }, + { + "doc" : "If enable bridge mode.\nNOTE: This setting is only for MQTT protocol version older than 5.0, and the remote MQTT\nbroker MUST support this feature.\nIf bridge_mode is set 
to true, the bridge will indicate to the remote broker that it is a bridge not an ordinary client.\nThis means that loop detection will be more effective and that retained messages will be propagated correctly.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode", + "text" : "bridge_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The username of the MQTT protocol", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password of the MQTT protocol
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to start a clean session when reconnecting a remote broker for ingress bridge", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start", + "text" : "clean_start", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "MQTT Keepalive. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "\"160s\"" + }, + { + "doc" : "Message retry interval. Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "Max inflight (sent, but un-acked) messages of the MQTT protocol", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ElasticSearch Connector Config", + "refs" : [ + { + "doc" : "Configuration for ElasticSearch bridge.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Elasticsearch default port 9200 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:9200\"" + }, + { + "doc" : "Authentication configuration", + "refs" : [ + { + "doc" : "Basic Authentication", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "The username as configured at the ElasticSearch REST interface", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password as configured at the ElasticSearch REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(auth_basic))" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($name->Struct(config))" + } + ], + "text" : "connectors" + } + ], + "hash" : "V-connectors", + "text" : "connectors", + "type" : "Struct(connectors)" + }, + { + "refs" : [ + { + "doc" : "Configuration for actions.", + "hash" : "T-actions-S-actions", + "fields" : [ + { + "doc" : "HTTP Action Config", + "refs" : [ + { + "doc" : "Configuration for an HTTP action.", + "hash" : "T-actions-S-actions-http-S-http_action", + "fields" : [ + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-http-S-http_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-http-S-http_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-http-S-http_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The parameters for HTTP action.", + "refs" : [ + { + "doc" : "The parameters for HTTP action.", + "hash" : 
"T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts", + "fields" : [ + { + "doc" : "The URL path for this Action.
\nThis path will be appended to the Connector's url configuration to form the full\nURL address.\nTemplate with variables is allowed in this option. For example, /room/{$room_no}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "The method of the HTTP request. All the available methods are: post, put, get, delete.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method", + "text" : "method", + "type" : "Enum(post,put,get,delete)", + "default" : "post" + }, + { + "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "The body of the HTTP request.
\nIf not provided, the body will be a JSON object of all the available fields.
\nThere, 'all the available fields' means the context of a MQTT message when\nthis webhook is triggered by receiving a MQTT message (the `local_topic` is set),\nor the context of the event when this webhook is triggered by a rule (i.e. this\nwebhook is used as an action of a rule).
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since v5.0.26.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "parameters_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-parameters", + "text" : "parameters", + "type" : "Struct(parameters_opts)" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "http_action" + } + ], + "hash" : "V-actions-S-actions-http", + "aliases" : [ + "webhook" + ], + "text" : "http", + "type" : "Map($name->Struct(http_action))" + }, + { + "doc" : "MQTT Publisher Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Forward to which topic of the remote broker.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "The QoS of the MQTT message to be sent.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos", + "text" : "qos", + "type" : "OneOf(Integer(0..2),String)", + "default" : "1" + }, + { + "doc" : "The 'retain' flag of the MQTT message to be sent.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain", + "text" : "retain", + "type" : "OneOf(Boolean,String)", + "default" : "false" + }, + { + "doc" : "The payload of the MQTT message to be sent.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload", + "text" : "payload", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_publisher_action" + } + ], + "hash" : "V-actions-S-actions-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_publisher_action))" + }, + { + "doc" : "Elasticsearch Bridge", + "refs" : [ + { + "doc" : "ElasticSearch Action Configuration", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config", + "fields" : [ + { + "doc" : "ElasticSearch action parameters", + "refs" : [ + { + "doc" : "Adds a JSON document to the specified index and makes it searchable.\nIf the target is an index and the document already exists,\nthe request updates the document and increments its version.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create", + "fields" : [ + { + "doc" : "create", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action", + "text" : "action", + "type" : "String(\"create\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "If true, the request’s actions must target an index alias. Defaults to false", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "Set to false If a document with the specified _id already exists(conflict), the operation will fail.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite", + "text" : "overwrite", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_create" + }, + { + "doc" : "Removes a JSON document from the specified index.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete", + "fields" : [ + { + "doc" : "delete", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action", + "text" : "action", + "type" : "String(\"delete\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_delete" + }, + { + "doc" : "Updates a document using the specified doc.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update", + "fields" : [ + { + "doc" : "update", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action", + "text" : "action", + "type" : "String(\"update\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "Instead of sending a partial doc plus an upsert doc,\nyou can set doc_as_upsert to true to use the contents of doc as the upsert value.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert", + "text" : "doc_as_upsert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "If true, the request’s actions must target an index alias. Defaults to false", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_update" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($action_name->Struct(action_config))" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions", + "text" : "actions", + "type" : "Struct(actions)" + }, + { + "refs" : [ + { + "doc" : "Configuration for sources.", + "hash" : "T-sources-S-sources", + "fields" : [ + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "Source configs.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source", + "fields" : [ + { + "refs" : [ + { + "doc" : "Source specific configs.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters", + "fields" : [ + { + "doc" : "Receive messages from which topic of the remote broker", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "The QoS level to be used when subscribing to the remote broker", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "1" + } + ], + "text" : "ingress_parameters" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters", + "text" : 
"parameters", + "type" : "Struct(ingress_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_subscriber_source" + } + ], + "hash" : "V-sources-S-sources-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_subscriber_source))" + } + ], + "text" : "sources" + } + ], + "hash" : "V-sources", + "text" : "sources", + "type" : "Struct(sources)" + }, + { + "refs" : [ + { + "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1.", + "hash" : "T-retainer-S-retainer", + "fields" : [ + { + "doc" : "Expired retained messages will not be delivered again, and a setting of 0 means that retained messages will never expire.\n\nHowever, if the `Message-Expiry-Interval` property is specified in the MQTT message, the value of that property prevails.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval", + "text" : "msg_expiry_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval_override", + "text" : "msg_expiry_interval_override", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set.", + "hash" : "V-retainer-S-retainer-allow_never_expire", + "text" : "allow_never_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The time interval for checking and clearing expired retained messages. 
This can prevent expired retained messages from being stored for a long time.\n\nIf `msg_clear_interval` is set to 0, that is, expired retained messages are not actively checked regularly, EMQX will only check and delete expired retained messages when preparing for delivery.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-retainer-S-retainer-msg_clear_interval", + "text" : "msg_clear_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "The maximum size of retained messages allowed to be stored. EMQX will refuse to store retained messages larger than this size and output an Error log with the keyword 'retain_failed_for_payload_size_exceeded_limit'.\n\n0 means unlimited retained message size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-retainer-S-retainer-max_payload_size", + "text" : "max_payload_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When the retained flag of the `PUBLISH` message is set and Payload is empty,\nwhether to continue to publish the message.\nSee:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038", + "hash" : "V-retainer-S-retainer-stop_publish_clear_msg", + "text" : "stop_publish_clear_msg", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The maximum rate of delivering retained messages", + "hash" : "V-retainer-S-retainer-delivery_rate", + "aliases" : [ + "deliver_rate" + ], + "text" : "delivery_rate", + "type" : "String", + "default" : "\"1000/s\"" + }, + { + "doc" : "Settings for the database storing the retained messages.", + "refs" : [ + { + "doc" : "Configuration of the internal database storing retained messages.", + "hash" : "T-retainer-S-retainer-backend-S-mnesia_config", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type", + "text" : "type", + "type" : "String(\"built_in_database\")", + "default" : "built_in_database" + }, + { + "doc" : "Specifies whether the messages are stored in RAM or persisted on disc.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type", + "text" : "storage_type", + "type" : "Enum(ram,disc)", + "default" : "ram" + }, + { + "doc" : "Maximum number of retained messages. 0 means no limit.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages", + "text" : "max_retained_messages", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. 
Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs", + "text" : "index_specs", + "type" : "Array(Integer)", + "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]" + } + ], + "text" : "mnesia_config" + } + ], + "hash" : "V-retainer-S-retainer-backend", + "text" : "backend", + "type" : "Struct(mnesia_config)" + } + ], + "text" : "retainer" + } + ], + "hash" : "V-retainer", + "text" : "retainer", + "type" : "Struct(retainer)" + }, + { + "refs" : [ + { + "doc" : "Whether to enable telemetry to allow EMQX to collect relevant usage information and share it with EMQ for the purpose of enhancing your product experience, and in no case will EMQX collect personal information about you, such as your MAC address, IP address, content of messages sent.\n\nSee https://docs.emqx.com/en/emqx/latest/telemetry/telemetry.html for more details.", + "hash" : "T-telemetry-S-telemetry", + "fields" : [ + { + "doc" : "Set to `false` disable telemetry data report", + "hash" : "V-telemetry-S-telemetry-enable", + "text" : "enable", + "type" : "Boolean" + } + ], + "text" : "telemetry" + } + ], + "hash" : "V-telemetry", + "text" : "telemetry", + "type" : "Struct(telemetry)" + }, + { + "refs" : [ + { + "doc" : "Settings for the delayed module.", + "hash" : "T-delayed-S-delayed", + "fields" : [ + { + "doc" : "Maximum number of delayed messages (0 is no limit).", + "hash" : "V-delayed-S-delayed-max_delayed_messages", + "text" : "max_delayed_messages", + "type" : "Integer", + "default" : "0" + } + ], + "text" : "delayed" + } + ], + "hash" : "V-delayed", + "text" : "delayed", + "type" : "Struct(delayed)" + }, + { + "refs" : [ + { + "doc" : "Manage EMQX plugins.
\nPlugins can be pre-built as a part of EMQX package,\nor installed as a standalone package in a location specified by\ninstall_dir config key
\nThe standalone-installed plugins are referred to as 'external' plugins.", + "hash" : "T-plugins-S-plugins", + "fields" : [ + { + "doc" : "An array of plugins in the desired states.
\nThe plugins are started in the defined order", + "refs" : [ + { + "doc" : "A per-plugin config to describe the desired state of the plugin.", + "hash" : "T-plugins-S-plugins-states-S-state", + "fields" : [ + { + "doc" : "The `{name}-{version}` of the plugin.
\nIt should match the plugin application name-version as plugin release package name
\nFor example: `my_plugin-0.1.0`.", + "hash" : "V-plugins-S-plugins-states-S-state-name_vsn", + "text" : "name_vsn", + "type" : "String" + } + ], + "text" : "state" + } + ], + "hash" : "V-plugins-S-plugins-states", + "text" : "states", + "type" : "Array(Struct(state))", + "default" : "[]" + }, + { + "doc" : "The installation directory for the external plugins.\nThe plugin beam files and configuration files should reside in\nthe subdirectory named as emqx_foo_bar-0.1.0.\n
\nNOTE: For security reasons, this directory should **NOT** be writable\nby anyone except emqx (or any user which runs EMQX).", + "hash" : "V-plugins-S-plugins-install_dir", + "text" : "install_dir", + "type" : "String", + "default" : "plugins" + }, + { + "doc" : "Deprecated since 5.0.24.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-plugins-S-plugins-check_interval", + "text" : "check_interval", + "type" : "Duration" + } + ], + "text" : "plugins" + } + ], + "hash" : "V-plugins", + "text" : "plugins", + "type" : "Struct(plugins)" + }, + { + "refs" : [ + { + "doc" : "Configuration for EMQX dashboard.", + "hash" : "T-dashboard-S-dashboard", + "fields" : [ + { + "doc" : "HTTP(s) listeners are identified by their protocol type and are\nused to serve dashboard UI and restful HTTP API.\nListeners must have a unique combination of port number and IP address.\nFor example, an HTTP listener can listen on all configured IP addresses\non a given port for a machine by specifying the IP address 0.0.0.0.\nAlternatively, the HTTP listener can specify a unique IP address for each listener,\nbut use the same port.", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener.", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener (plaintext).", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http", + "fields" : [ + { + "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. 
`18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "Defines the maximum length that the queue of pending connections can grow to.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Enable IPv6 support, default is false, which means IPv4 only.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "http" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http", + "text" : "http", + "type" : "Struct(http)" + }, + { + "doc" : "SSL listeners", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener (TLS).", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https", + "fields" : [ + { + "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. 
`18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "SSL/TLS options for the dashboard listener.", + "refs" : [ + { + "doc" : "SSL/TLS options for the dashboard listener.", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_options" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_options)" + }, + { + "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "Defines the maximum length that the queue of pending connections can grow to.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Enable IPv6 support, default is false, which means IPv4 only.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable support for `HAProxy` header. 
Be aware once enabled regular HTTP requests can't be handled anymore.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "https" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https", + "text" : "https", + "type" : "Struct(https)" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "The password used to initialize a database record for `admin` user.\nNOTE: Changing the default password after it has been initialized (boot up for the fist time) has no effect.\nOnce initialized, the default password `public` must be changed from dashboard or CLI as soon as possible.", + "hash" : "V-dashboard-S-dashboard-default_password", + "text" : "default_password", + "type" : "String", + "default" : "public" + }, + { + "doc" : "JWT token expiration time. Default is 60 minutes
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-token_expired_time", + "text" : "token_expired_time", + "type" : "Duration", + "default" : "\"60m\"" + }, + { + "doc" : "Support Cross-Origin Resource Sharing (CORS).\nAllows a server to indicate any origins (domain, scheme, or port) other than\nits own from which a browser should permit loading resources.", + "hash" : "V-dashboard-S-dashboard-cors", + "text" : "cors", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable or disable support for swagger API documentation.", + "hash" : "V-dashboard-S-dashboard-swagger_support", + "text" : "swagger_support", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "dashboard" + } + ], + "hash" : "V-dashboard", + "text" : "dashboard", + "type" : "Struct(dashboard)" + }, + { + "refs" : [ + { + "doc" : "EMQX Gateway configuration root.", + "hash" : "T-gateway-S-gateway", + "fields" : [ + { + "refs" : [ + { + "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format.", + "hash" : "T-gateway-S-gateway-coap-S-coap", + "fields" : [ + { + "doc" : "The gateway server required minimum heartbeat interval.\nWhen connection mode is enabled, this parameter is used to set the minimum heartbeat interval for the connection to be alive
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat", + "text" : "heartbeat", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "Enable or disable connection mode.\nConnection mode is a feature of non-standard protocols. When connection mode is enabled, it is necessary to maintain the creation, authentication and alive of connection resources", + "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required", + "text" : "connection_required", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The Notification Message will be delivered to the CoAP client if a new message received on an observed topic.\nThe type of delivered coap message can be set to:
\n - non: Non-confirmable;
\n - con: Confirmable;
\n - qos: Mapping from QoS type of received message, QoS0 -> non, QoS1,2 -> con", + "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type", + "text" : "notify_type", + "type" : "Enum(non,con,qos)", + "default" : "qos" + }, + { + "doc" : "The Default QoS Level indicator for subscribe request.\nThis option specifies the QoS level for the CoAP Client when establishing a subscription membership, if the subscribe request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of subscribe request
\n * qos0: If the subscribe request is non-confirmable
\n * qos1: If the subscribe request is confirmable", + "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos", + "text" : "subscribe_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "The Default QoS Level indicator for publish request.\nThis option specifies the QoS level for the CoAP Client when publishing a message to EMQX PUB/SUB system, if the publish request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of publish request
\n * qos0: If the publish request is non-confirmable
\n * qos1: If the publish request is confirmable", + "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos", + "text" : "publish_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", 
+ "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe 
prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : 
"T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint 
string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of the client connection 
process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "coap" + } + ], + "hash" : "V-gateway-S-gateway-coap", + "text" : "coap", + "type" : "Struct(coap)" + }, + { + "refs" : [ + { + "doc" : "Settings for EMQX extension protocol (exproto).", + "hash" : "T-gateway-S-gateway-exproto-S-exproto", + "fields" : [ + { + "doc" : "Configurations for starting the ConnectionAdapter service", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC server.", + "hash" : 
"T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server", + "fields" : [ + { + "doc" : "Listening address and port for the gRPC server.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "SSL configuration for the gRPC server.", + "refs" : [ + { + "doc" : "SSL configuration for the server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_server_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_server_opts)" + } + ], + "text" : "exproto_grpc_server" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server", + "text" : "server", + "type" : "Struct(exproto_grpc_server)" + }, + { + "doc" : "Configurations for request to ConnectionHandler service", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC connection handler.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler", + "fields" : [ + { + "doc" : "gRPC server address.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address", + "text" : "address", + "type" : "String" + }, + { + "doc" : "The service name to handle the connection events.\nIn the initial version, we expected to use streams to improve the efficiency\nof requests in `ConnectionHandler`. But unfortunately, events between different\nstreams are out of order. 
It causes the `OnSocketCreated` event to may arrive\nlater than `OnReceivedBytes`.\nSo we added the `ConnectionUnaryHandler` service since v5.0.25 and forced\nthe use of Unary in it to avoid ordering problems.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name", + "text" : "service_name", + "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))", + "default" : "ConnectionUnaryHandler" + }, + { + "doc" : "SSL configuration for the gRPC client.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "exproto_grpc_handler" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler", + "text" : "handler", + "type" : "Struct(exproto_grpc_handler)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for TCP and UDP listeners.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : 
"none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the 
subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : 
"none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the 
subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage 
collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. 
Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is 
healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing 
or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + 
"refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : 
"When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the 
process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. 
Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "tcp_udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners", + "text" : "listeners", + "type" : "Struct(tcp_udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : 
"true" + }, + { + "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "exproto" + } + ], + "hash" : "V-gateway-S-gateway-exproto", + "text" : "exproto", + "type" : "Struct(exproto)" + }, + { + "refs" : [ + { + "doc" : "The LwM2M protocol gateway.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m", + "fields" : [ + { + "doc" : "The Directory for LwM2M Resource definition.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir", + "text" : 
"xml_dir", + "type" : "String" + }, + { + "doc" : "Minimum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min", + "text" : "lifetime_min", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Maximum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max", + "text" : "lifetime_max", + "type" : "Duration", + "default" : "\"86400s\"" + }, + { + "doc" : "The value of the time window during which the network link is considered valid by the LwM2M Gateway in QMode mode.\nFor example, after receiving an update message from a client, any messages within this time window are sent directly to the LwM2M client, and all messages beyond this time window are temporarily stored in memory.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window", + "text" : "qmode_time_window", + "type" : "Duration(s)", + "default" : "\"22s\"" + }, + { + "doc" : "Automatically observe the object list of REGISTER packet.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe", + "text" : "auto_observe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Policy for publishing UPDATE event message.
\n - always: send update events as long as the UPDATE request is received.
\n - contains_object_list: send update events only if the UPDATE request carries any Object List", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition", + "text" : "update_msg_publish_condition", + "type" : "Enum(always,contains_object_list)", + "default" : "contains_object_list" + }, + { + "doc" : "Topic configuration for LwM2M's gateway publishing and subscription.", + "refs" : [ + { + "doc" : "MQTT topics that correspond to LwM2M events.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators", + "fields" : [ + { + "doc" : "The topic for receiving downstream commands.\nFor each new LwM2M client that succeeds in going online, the gateway creates a subscription relationship to receive downstream commands and send it to the LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command", + "text" : "command", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the acknowledge events from LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic", 
+ "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response", + "text" : "response", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the notify events from LwM2M client.\nAfter succeed observe a resource of LwM2M client, Gateway will send the notify events via this topic, if the client reports any resource changes", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify", + "text" : "notify", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the register events from LwM2M client.", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : 
"V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register", + "text" : "register", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the update events from LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update", + "text" : "update", + "type" : "Struct(translator)" + } + ], + "text" : "lwm2m_translators" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators", + "text" : "translators", + "type" : "Struct(lwm2m_translators)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all 
the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"lwm2m/${endpoint_name}/\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + 
"text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint 
string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : 
"T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a 
mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of the client 
connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "lwm2m" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m", + "text" : "lwm2m", + "type" : "Struct(lwm2m)" + }, + { + "refs" : [ + { + "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn", + "fields" : [ + { + "doc" : "MQTT-SN Gateway ID.\nWhen the broadcast option is enabled, the gateway will broadcast ADVERTISE message with this 
value", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id", + "text" : "gateway_id", + "type" : "Integer", + "default" : "1" + }, + { + "doc" : "Whether to periodically broadcast ADVERTISE messages", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast", + "text" : "broadcast", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Allows connectionless clients to publish messages with a Qos of -1.\nThis feature is defined for very simple client implementations which do not support any other features except this one. There is no connection setup nor tear down, no registration nor subscription. The client just sends its 'PUBLISH' messages to a GW", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3", + "text" : "enable_qos3", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to initiate all subscribed topic name registration messages to the client after the Session has been taken over by a new channel", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume", + "text" : "subs_resume", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The pre-defined topic IDs and topic names.\nA 'pre-defined' topic ID is a topic ID whose mapping to a topic name is known in advance by both the client's application and the gateway", + "refs" : [ + { + "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined", + "fields" : [ + { + "doc" : "Topic ID. 
Range: 1-65535", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id", + "text" : "id", + "type" : "Integer(1..1024)" + }, + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic", + "text" : "topic", + "type" : "String" + } + ], + "text" : "mqttsn_predefined" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined", + "text" : "predefined", + "type" : "Array(Struct(mqttsn_predefined))", + "default" : "[]" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" 
: "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a 
mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP 
sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all 
topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of 
the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "mqttsn" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn", + "text" : "mqttsn", + "type" : "Struct(mqttsn)" + }, + { + "refs" : [ + { + "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp", + "fields" : [ + { + "refs" : [ + { + "doc" : 
"Size limits for the STOMP frames.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame", + "fields" : [ + { + "doc" : "The maximum number of Header", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers", + "text" : "max_headers", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "The maximum string length of the Header Value", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length", + "text" : "max_headers_length", + "type" : "Integer(0..+inf)", + "default" : "1024" + }, + { + "doc" : "Maximum number of bytes of Body allowed per Stomp packet", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length", + "text" : "max_body_length", + "type" : "Integer", + "default" : "65536" + } + ], + "text" : "stomp_frame" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame", + "text" : "frame", + "type" : "Struct(stomp_frame)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle 
time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "stomp" + } + ], + "hash" : "V-gateway-S-gateway-stomp", + "text" : "stomp", + "type" : "Struct(stomp)" + } + ], + "text" : "gateway" + } + ], + "hash" : "V-gateway", + "text" : "gateway", + "type" : "Struct(gateway)" + }, + { + "refs" : [ + { + "doc" : "Recommended setting", + "hash" : "T-prometheus-S-recommend_setting", + "fields" : [ + { + "doc" : "Enable or disable basic authentication for 
prometheus scrape api, not for Push Gateway", + "hash" : "V-prometheus-S-recommend_setting-enable_basic_auth", + "text" : "enable_basic_auth", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX.", + "refs" : [ + { + "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX.", + "hash" : "T-prometheus-S-recommend_setting-push_gateway-S-push_gateway", + "fields" : [ + { + "doc" : "Enable or disable Pushgateway", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL of Pushgateway server. Pushgateway is optional, should not be configured if prometheus is to scrape EMQX.", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "Data reporting interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "An HTTP Headers when pushing to Push Gateway.
\nFor example, { Authorization = \"some-authz-tokens\"}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Job Name that is pushed to the Push Gateway. Available variables:
\n- ${name}: Name of EMQX node.
\n- ${host}: Host name of EMQX node.
\nFor example, when the EMQX node name is emqx@127.0.0.1 then the name\nvariable takes value emqx and the host variable takes value 127.0.0.1.\nDefault value is: ${name}/instance/${name}~${host}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + } + ], + "text" : "push_gateway" + } + ], + "hash" : "V-prometheus-S-recommend_setting-push_gateway", + "text" : "push_gateway", + "type" : "Struct(push_gateway)" + }, + { + "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load.", + "refs" : [ + { + "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load.", + "hash" : "T-prometheus-S-recommend_setting-collectors-S-collectors", + "fields" : [ + { + "doc" : "Enable or disable VM distribution collector,\ncollects information about the sockets and processes involved in the Erlang distribution mechanism.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_dist", + "text" : "vm_dist", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "Collects Mnesia metrics mainly using mnesia:system_info/1 ", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-mnesia", + "text" : "mnesia", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM statistics collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_statistics", + "text" : "vm_statistics", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM system info collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_system_info", + 
"text" : "vm_system_info", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Collects information about memory dynamically allocated by the Erlang emulator using\n erlang:memory/0 .", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_memory", + "text" : "vm_memory", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM microstate accounting metrics collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_msacc", + "text" : "vm_msacc", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "collectors" + } + ], + "hash" : "V-prometheus-S-recommend_setting-collectors", + "text" : "collectors", + "type" : "Struct(collectors)" + } + ], + "text" : "recommend_setting" + }, + { + "doc" : "Deprecated since 5.4.0", + "hash" : "T-prometheus-S-legacy_deprecated_setting", + "fields" : [ + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-push_gateway_server", + "text" : "push_gateway_server", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.interval` instead
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-prometheus-S-legacy_deprecated_setting-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.headers` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.job_name` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_dist` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_dist_collector", + "text" : "vm_dist_collector", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.mnesia` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-mnesia_collector", + "text" : "mnesia_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_statistics` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_statistics_collector", + "text" : 
"vm_statistics_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated, use `prometheus.collectors.vm_system_info` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_system_info_collector", + "text" : "vm_system_info_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_memory` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_memory_collector", + "text" : "vm_memory_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_msacc` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_msacc_collector", + "text" : "vm_msacc_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "legacy_deprecated_setting" + } + ], + "hash" : "V-prometheus", + "text" : "prometheus", + "type" : "OneOf(Struct(recommend_setting),Struct(legacy_deprecated_setting))", + "default" : "{}" + }, + { + "refs" : [ + { + "doc" : "External hook (exhook) configuration.", + "hash" : "T-exhook-S-exhook", + "fields" : [ + { + "doc" : "List of exhook servers", + "refs" : [ + { + "doc" : "gRPC server configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server", + "fields" : [ + { + "doc" : "Name of the exhook server", + "hash" : "V-exhook-S-exhook-servers-S-server-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "URL of the gRPC server", + "hash" : "V-exhook-S-exhook-servers-S-server-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "The timeout of request gRPC server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-exhook-S-exhook-servers-S-server-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The value that is returned when the request to the gRPC server fails for any reason", + "hash" : "V-exhook-S-exhook-servers-S-server-failed_action", + "text" : "failed_action", + "type" : "Enum(deny,ignore)", + "default" : "deny" + }, + { + "refs" : [ + { + "doc" : "SSL client configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_conf" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-ssl", + "text" : "ssl", + "type" : "Struct(ssl_conf)" + }, + { + "refs" : [ + { + "doc" : "Connection socket options", + "hash" : "T-exhook-S-exhook-servers-S-server-socket_options-S-socket_options", + "fields" : [ + { + "doc" : "Enables/disables periodic transmission on a connected socket when no other data is exchanged.\nIf the other end does not respond, the connection is considered broken and an error message is sent to the controlling process.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-keepalive", + "text" : "keepalive", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "If true, option TCP_NODELAY is turned on for the socket,\nwhich means that also small amounts of data are sent immediately", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum size of receive buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The minimum size of send buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + } + ], + "text" : "socket_options" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options", + "text" : "socket_options", + "type" : "Struct(socket_options)", + "default" : "{keepalive = true, nodelay = true}" + }, + { + "doc" : "Whether to automatically reconnect (initialize) the gRPC server.\nWhen gRPC is not available, Exhook tries to request the gRPC service at that interval and reinitialize the list of mounted hooks.", + "hash" : "V-exhook-S-exhook-servers-S-server-auto_reconnect", + "text" : "auto_reconnect", + "type" : "OneOf(String(\"false\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "The process pool size for gRPC client", + "hash" : "V-exhook-S-exhook-servers-S-server-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + } + ], + "text" : "server" + } + ], + "hash" : "V-exhook-S-exhook-servers", + "text" : "servers", + "type" : "Array(Struct(server))", + "default" : "[]" + } + ], + "text" : "exhook" + } + ], + "hash" : "V-exhook", + "text" : "exhook", + "type" : "Struct(exhook)" + }, + { + "refs" : [ + { + "doc" : "PSK stands for 'Pre-Shared Keys'.\nThis config to enable TLS-PSK authentication.\n\nImportant! 
Make sure the SSL listener with only tlsv1.2 enabled, and also PSK cipher suites\nconfigured, such as RSA-PSK-AES256-GCM-SHA384.\n\nSee listener SSL options config for more details.\n\nThe IDs and secrets can be provided from a file which is configurable by the init_file field.", + "hash" : "T-psk_authentication-S-psk_authentication", + "fields" : [ + { + "doc" : "Whether to enable TLS PSK support", + "hash" : "V-psk_authentication-S-psk_authentication-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime.\nThe file has to be structured line-by-line, each line must be in the format of PSKIdentity:SharedSecret.\nFor example: mydevice1:c2VjcmV0", + "hash" : "V-psk_authentication-S-psk_authentication-init_file", + "text" : "init_file", + "type" : "String" + }, + { + "doc" : "The separator between PSKIdentity and SharedSecret in the PSK file", + "hash" : "V-psk_authentication-S-psk_authentication-separator", + "text" : "separator", + "type" : "String", + "default" : "\":\"" + }, + { + "doc" : "The size of each chunk used to import to the built-in database from PSK file", + "hash" : "V-psk_authentication-S-psk_authentication-chunk_size", + "text" : "chunk_size", + "type" : "Integer", + "default" : "50" + } + ], + "text" : "psk_authentication" + } + ], + "hash" : "V-psk_authentication", + "text" : "psk_authentication", + "type" : "Struct(psk_authentication)" + }, + { + "refs" : [ + { + "doc" : "Configuration for `slow_subs` feature.", + "hash" : "T-slow_subs-S-slow_subs", + "fields" : [ + { + "doc" : "Enable Slow Subscriptions", + "hash" : "V-slow_subs-S-slow_subs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The Client ID and topic of the consumer whose message latency is greater than this threshold will be recorded in the slow subscription list.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-slow_subs-S-slow_subs-threshold", + "text" : "threshold", + "type" : "Duration", + "default" : "\"500ms\"" + }, + { + "doc" : "The expiration time of the slow subscription record, if the record is not updated within the expiration time, then the record will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-slow_subs-S-slow_subs-expire_interval", + "text" : "expire_interval", + "type" : "Duration", + "default" : "\"300s\"" + }, + { + "doc" : "The maximum number of slow-subscription records, up to a maximum of 1000.", + "hash" : "V-slow_subs-S-slow_subs-top_k_num", + "text" : "top_k_num", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "Message latency calculation method:\n\n- `whole`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) until the message completes delivery.\n- `internal`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) to when the message begins to be delivered (the EMQX attempts to write the message to the send-buffer).\n- `response`: The time from the start of message delivery to the completion.\n\nNote: The completion delivery time refers to the time when QoS 1 and 2 messages complete the MQTT message response process, i.e., the time when QoS 1 message receives the PUBACK packet and QoS 2 message receives the PUBCOMP packet.\nSince there is no response packet for QoS 0 message, the completion delivery time of the QoS 0 message will be replaced by the time when the message starts to be delivered. 
Therefore, when using the `response` method to calculate the latency, the latency of a QoS 0 message will always be equal to 0.", + "hash" : "V-slow_subs-S-slow_subs-stats_type", + "text" : "stats_type", + "type" : "Enum(whole,internal,response)", + "default" : "whole" + } + ], + "text" : "slow_subs" + } + ], + "hash" : "V-slow_subs", + "text" : "slow_subs", + "type" : "Struct(slow_subs)" + }, + { + "refs" : [ + { + "doc" : "Open Telemetry Toolkit configuration", + "hash" : "T-opentelemetry-S-opentelemetry", + "fields" : [ + { + "doc" : "Open Telemetry Metrics configuration.", + "refs" : [ + { + "doc" : "Open Telemetry Metrics configuration.", + "hash" : "T-opentelemetry-S-opentelemetry-metrics-S-otel_metrics", + "fields" : [ + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-interval", + "aliases" : [ + "scheduled_delay" + ], + "text" : "interval", + "type" : "Duration", + "default" : "\"10s\"" + } + ], + "text" : "otel_metrics" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-metrics", + "text" : "metrics", + "type" : "Struct(otel_metrics)" + }, + { + "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend.", + "refs" : [ + { + "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend.", + "hash" : "T-opentelemetry-S-opentelemetry-logs-S-otel_logs", + "fields" : [ + { + "doc" : "The log level of the Open Telemetry log handler.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"1s\"" + } + ], + "text" : "otel_logs" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-logs", + "text" : "logs", + "type" : "Struct(otel_logs)" + }, + { + "doc" : "Open Telemetry Traces configuration.", + "refs" : [ + { + "doc" : "Open Telemetry Traces configuration.", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces", + "fields" : [ + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Open Telemetry Trace Filter configuration", + "refs" : [ + { + "doc" : "Open Telemetry Trace Filter configuration", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter", + "fields" : [ + { + "doc" : "If enabled, all published messages are traced, a new trace ID is generated if it can't be extracted from the message.\nOtherwise, only messages published with trace context are traced. 
Disabled by default.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_all", + "text" : "trace_all", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "trace_filter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter", + "text" : "filter", + "type" : "Struct(trace_filter)" + } + ], + "text" : "otel_traces" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces", + "text" : "traces", + "type" : "Struct(otel_traces)" + }, + { + "doc" : "Open Telemetry Exporter", + "refs" : [ + { + "doc" : "Open Telemetry Exporter", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter", + "fields" : [ + { + "doc" : "The target URL to which the exporter is going to send Open Telemetry signal data.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-endpoint", + "text" : "endpoint", + "type" : "String", + "default" : "\"http://localhost:4317\"" + }, + { + "doc" : "SSL configuration for the Open Telemetry exporter", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "otel_exporter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter", + "text" : "exporter", + "type" : "Struct(otel_exporter)" + } + ], + "text" : "opentelemetry" + } + ], + "hash" : "V-opentelemetry", + "text" : "opentelemetry", + "type" : "Struct(opentelemetry)" + }, + { + "refs" : [ + { + "doc" : "API Key, can be used to request API other than the management API key and the Dashboard user management API", + "hash" : "T-api_key-S-api_key", + "fields" : [ + { + "doc" : "The bootstrap file provides API keys for EMQX.\nEMQX will load these keys on startup to authorize API requests.\nIt contains colon-separated values in the format: `api_key:api_secret:role`.\nEach line specifies an API key and its associated secret, and the role of this key.\nThe 'role' part should be the pre-defined access scope group name,\nfor example, `administrator` or `viewer`.\nThe 'role' is introduced in 5.4, to be backward compatible, if it is missing, the key is implicitly granted `administrator` role.", + "hash" : "V-api_key-S-api_key-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "api_key" + } + ], + "hash" : "V-api_key", + "text" : "api_key", + "type" : "Struct(api_key)" + } + ], + "text" : "root" +} \ No newline at end of file 
diff --git a/hocon/hocon-ce-v5.8.2-zh.json b/hocon/hocon-ce-v5.8.2-zh.json new file mode 100644 index 000000000..982e8eb1f --- /dev/null +++ b/hocon/hocon-ce-v5.8.2-zh.json @@ -0,0 +1,16329 @@ +{ + "doc" : "", + "hash" : "T-root", + "fields" : [ + { + "refs" : [ + { + "doc" : "MQTT listeners identified by their protocol type and assigned names", + "hash" : "T-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over TCP listener.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "1883" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + } + ], + "text" : "mqtt_tcp_listener" + } + ], + "hash" : "V-listeners-S-listeners-tcp", + "text" : "tcp", + "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "SSL 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over SSL listener.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8883" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors", 
+ "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "mqtt_ssl_listener" + } + ], + "hash" : "V-listeners-S-listeners-ssl", + "text" : "ssl", + "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTP websocket 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket listener.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8083" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 
字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : 
"[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" 
+ }, + { + "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的 subprotocols 支持列表。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "如果trueoriginHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为 false 并且 check_origin_enabletrue,服务器将拒绝没有 origin HTTP 头的请求。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许的 origins 列表", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_ws_listener" + } + ], + "hash" : "V-listeners-S-listeners-ws", + "text" : "ws", + "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTPS websocket 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket/SSL listener.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8084" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的 subprotocols 支持列表。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "如果trueoriginHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为 false 并且 check_origin_enabletrue,服务器将拒绝没有 origin HTTP 头的请求。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许的 origins 列表", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : 
"V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } 
+ ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_wss_listener" + } + ], + "hash" : "V-listeners-S-listeners-wss", + "text" : "wss", + "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "QUIC 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over QUIC listener.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener", + "fields" : [ + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式。
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3。
\n如果打算使用 PSK 密码套件,tlsv1.3 应在 ssl.versions 中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\n注:QUIC 监听器只支持 tlsv1.3 的 ciphers。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]" + }, + { + "doc" : "QUIC 传输层的 TLS 选项", + "refs" : [ + { + "doc" : "TLS options for QUIC transport.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "listener_quic_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_quic_ssl_opts)" + }, + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "14567" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + } + ], + "text" : "mqtt_quic_listener" + } + ], + "hash" : "V-listeners-S-listeners-quic", + "text" : "quic", + "type" : 
"Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "全局的 MQTT 配置项。\nmqtt 下所有的配置作为全局的默认值存在,它可以被 zone 中的配置覆盖", + "refs" : [ + { + "doc" : "Global MQTT configuration.", + "hash" : "T-mqtt-S-mqtt", + "fields" : [ + { + "doc" : "设置连接被断开或进入休眠状态前的等待时间,空闲超时后,\n - 如暂未收到客户端的 CONNECT 报文,连接将断开;\n - 如已收到客户端的 CONNECT 报文,连接将进入休眠模式以节省系统资源。\n\n注意:请合理设置该参数值,如等待时间设置过长,可能造成系统资源的浪费。", + "hash" : "V-mqtt-S-mqtt-idle_timeout", + "text" : "idle_timeout", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "\"15s\"" + }, + { + "doc" : "允许的最大 MQTT 报文大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-mqtt-S-mqtt-max_packet_size", + "text" : "max_packet_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "允许的最大 MQTT Client ID 长度。", + "hash" : "V-mqtt-S-mqtt-max_clientid_len", + "text" : "max_clientid_len", + "type" : "Integer(23..65535)", + "default" : "65535" + }, + { + "doc" : "允许的最大主题层级。", + "hash" : "V-mqtt-S-mqtt-max_topic_levels", + "text" : "max_topic_levels", + "type" : "Integer(1..65535)", + "default" : "128" + }, + { + "doc" : "允许的最大主题别名数,0 表示不支持主题别名。", + "hash" : "V-mqtt-S-mqtt-max_topic_alias", + "text" : "max_topic_alias", + "type" : "Integer(0..65535)", + "default" : "65535" + }, + { + "doc" : "是否启用对 MQTT 保留消息的支持。", + "hash" : "V-mqtt-S-mqtt-retain_available", + "text" : "retain_available", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否启用对 MQTT 通配符订阅的支持。", + "hash" : "V-mqtt-S-mqtt-wildcard_subscription", + "text" : "wildcard_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否启用对 MQTT 共享订阅的支持。", + "hash" : "V-mqtt-S-mqtt-shared_subscription", + "text" : "shared_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "共享订阅的分发策略。\n - random:随机选择一个订阅者进行分发;\n - round_robin:从单个发布者处的消息依次分发给订阅者;\n - round_robin_per_group:所有消息依次分发给订阅者;\n - local:随机选择当前节点上的一个订阅者,如果当前节点没有订阅者,则在集群内随机选择;\n - sticky:持续将消息分发给最初选择的订阅者,直到他们的会话结束;\n - hash_clientid:哈希发布者的客户端 ID 以选择订阅者;\n - hash_topic:哈希发布主题以选择订阅者。", + "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy", + "text" : "shared_subscription_strategy", + "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)", + "default" : "round_robin" + }, + { + "doc" : "当 shared_subscription_strategy 为 `sticky` 时,初始订阅者选择的策略。\n - `random`: 随机选择订阅者;\n - `local`: 随机选择当前节点上的订阅者,如果当前节点上没有订阅者,则在集群中随机选择;\n - `hash_clientid`: 根据发布者的客户端 ID 进行哈希,选择订阅者;\n - `hash_topic`: 根据发布的主题进行哈希,选择订阅者。", + "hash" : 
"V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick", + "text" : "shared_subscription_initial_sticky_pick", + "type" : "Enum(random,local,hash_topic,hash_clientid)", + "default" : "random" + }, + { + "doc" : "是否启用对 MQTT 排它订阅的支持。", + "hash" : "V-mqtt-S-mqtt-exclusive_subscription", + "text" : "exclusive_subscription", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "设置由 MQTT v3.1.1/v3.1.0 客户端发布的消息是否将转发给其本身;类似 MQTT 5.0 协议中的 No Local 选项。", + "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver", + "text" : "ignore_loop_deliver", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否以严格模式解析 MQTT 消息。\n严格模式下,如客户端 ID、主题名称等中包含无效 utf8 字符串,连接将被断开。", + "hash" : "V-mqtt-S-mqtt-strict_mode", + "text" : "strict_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "UTF-8 字符串,用于指定返回给客户端的响应主题,如 reqrsp/,此时请求和应答客户端都需要使用 reqrsp/ 前缀的主题来完成通讯。\n如希望禁用此功能,请在下方的文字框中输入\"\";仅适用于 MQTT 5.0 客户端。", + "hash" : "V-mqtt-S-mqtt-response_information", + "text" : "response_information", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "EMQX 要求的保活时间,如设为 disabled,则将使用客户端指定的保持连接时间;仅适用于 MQTT 5.0 客户端。", + "hash" : "V-mqtt-S-mqtt-server_keepalive", + "text" : "server_keepalive", + "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))", + "default" : "disabled" + }, + { + "doc" : "EMQX 判定客户端 Keep Alive 超时使用的 Keep Alive 倍数。计算公式为:Keep Alive 超时 = Keep Alive 间隔 × Keep Alive 倍数。 默认值 1.5 遵循 MQTT 5.0 规范。此倍数可调整,为系统管理员提供根据特定需求进行定制的灵活性。例如,如果客户端的 10 秒保持连接间隔的 PINGREQ 因为额外的 10 秒延迟,将倍数更改为 2 可以让 EMQX 容忍此延迟。", + "hash" : "V-mqtt-S-mqtt-keepalive_multiplier", + "text" : "keepalive_multiplier", + "type" : "Number", + "default" : "1.5" + }, + { + "doc" : "检查传入 MQTT 数据包的频率,决定服务器检查新 MQTT 数据包的频率。\n如果在没有客户端发送任何数据包的情况下经过了一定时间,这段时间将累加起来。\n一旦累积时间超过 `keepalive-interval * keepalive-multiplier`,连接将被终止。\n默认设置为 30 秒,最小值为 1 秒,最大值为 `keepalive-interval / 2`。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-keepalive_check_interval", + "text" : "keepalive_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "QoS 1/2 消息的重新投递间隔。", + "hash" : "V-mqtt-S-mqtt-retry_interval", + "text" : "retry_interval", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "是否使用用户名作为客户端 ID。\n此设置的作用时间晚于 对端证书作为用户名对端证书作为客户端 ID。", + "hash" : "V-mqtt-S-mqtt-use_username_as_clientid", + "text" : "use_username_as_clientid", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为用户名;仅适用于 TLS 连接。\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DERPEM 的证书内容\n- pem: 将 DER 证书转换为 PEM 格式作为用户名\n- md5: 取 DERPEM 证书内容的 MD5 值", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_username", + "text" : "peer_cert_as_username", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为客户端 ID。仅适用于 TLS 连接;\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DERPEM 证书的内容\n- pem: 将 DER 证书内容转换为 PEM 格式作为客户端 ID\n- md5: 取 DERPEM 证书内容的 MD5 值", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid", + "text" : "peer_cert_as_clientid", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中。然后,它们可以在身份验证和授权过程的模板中用作占位符。例如,当 `set_as_attr = alias` 时,使用 `${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/` 来初始化每个客户端独有的主题命名空间。", + "refs" : [ + { + "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中。然后,它们可以在身份验证和授权过程的模板中用作占位符。例如,当 `set_as_attr = alias` 时,使用 
`${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/` 来初始化每个客户端独有的主题命名空间。", + "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init", + "fields" : [ + { + "doc" : "单行表达式,用于求值一组预定义的字符串函数(类似规则引擎 SQL 语句中的函数)。\n表达式可以是带有嵌套调用的函数调用,或直接变量引用。\n目前,它不提供用户定义的变量绑定(如 `var a=1`)或用户定义的函数。\n例如,提取以点分隔的客户端 ID 的前缀:`nth(1, tokens(clientid, '.'))`。\n\n预绑定的变量包括:\n- `cn`: 客户端 TLS 证书的常用名称。\n- `dn`: 客户端 TLS 证书的专有名称(主题)。\n- `clientid`: MQTT 客户端 ID。\n- `username`: MQTT 客户端的用户名。\n- `user_property.{NAME}`: CONNECT 包中的用户属性。\n\n您可以在 EMQX 文档中了解更多关于各种表达式的信息。", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression", + "text" : "expression", + "type" : "String" + }, + { + "doc" : "从客户端数据中提取的客户端属性的名称。\n提取的属性将以此名称存储在 `client_attrs` 属性中。", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr", + "text" : "set_as_attr", + "type" : "String" + } + ], + "text" : "client_attrs_init" + } + ], + "hash" : "V-mqtt-S-mqtt-client_attrs_init", + "text" : "client_attrs_init", + "type" : "Array(Struct(client_attrs_init))", + "default" : "[]" + }, + { + "doc" : "指定会话将在连接断开后多久过期,仅适用于非 MQTT 5.0 的连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-session_expiry_interval", + "text" : "session_expiry_interval", + "type" : "Duration", + "default" : "\"2h\"" + }, + { + "doc" : "MQTT 消息的过期间隔。对于 MQTT 5.0 客户端,此配置仅在消息中未设置 Message-Expiry-Interval 属性时生效;否则,将使用 Message-Expiry-Interval 属性的值。对于 5.0 之前的 MQTT 版本,此配置将始终生效。请注意,将 message_expiry_interval 设置为大于 session_expiry_interval 是没有意义的,因为会话过期时所有消息将被清除。", + "hash" : "V-mqtt-S-mqtt-message_expiry_interval", + "text" : "message_expiry_interval", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "每个发布者的会话中,都存在一个队列来处理客户端发送的 QoS 2 消息。该队列会存储 QoS 2 消息的报文 ID 直到收到客户端的 PUBREL 或超时,达到队列长度的限制后,新的 QoS 2 消息发布会被拒绝,并返回 `147(0x93)` 错误。", + "hash" : "V-mqtt-S-mqtt-max_awaiting_rel", + "text" : "max_awaiting_rel", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "100" + }, + { + "doc" : "允许的最大 QoS 等级。", + "hash" : "V-mqtt-S-mqtt-max_qos_allowed", + "text" : "max_qos_allowed", + "type" : "Integer(0..2)", + "default" : "2" + }, + { + "doc" : "主题优先级。取值范围 [1-255]\n默认优先级表为空,即所有的主题优先级相同。\n\n注:优先主题名称中不支持使用逗号和等号。\n注:不在此列表中的主题,被视为最高/最低优先级,这取决于mqtt.mqueue_default_priority 的配置。\n\n示例:\n配置 \"topic/1\" > \"topic/2\":\nmqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}", + "hash" : "V-mqtt-S-mqtt-mqueue_priorities", + "text" : "mqueue_priorities", + "type" : "OneOf(String(\"disabled\"),Map)", + "default" : "disabled" + }, + { + "doc" : "默认的主题优先级,不在 主题优先级mqueue_priorities) 中的主题将会使用该优先级。", + "hash" : "V-mqtt-S-mqtt-mqueue_default_priority", + "text" : "mqueue_default_priority", + "type" : "Enum(highest,lowest)", + "default" : "lowest" + }, + { + "doc" : "指定在连接断开但会话保持期间,是否需要在消息队列中存储 QoS 0 消息。", + "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0", + "text" : "mqueue_store_qos0", + "type" : "Boolean", + "default" : "true" + }, + { + 
"doc" : "消息队列最大长度。持久客户端断开连接或飞行窗口已满时排队的消息长度。", + "hash" : "V-mqtt-S-mqtt-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "1000" + }, + { + "doc" : "允许在完成应答前同时投递的 QoS 1 和 QoS 2 消息的最大数量。", + "hash" : "V-mqtt-S-mqtt-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..65535)", + "default" : "32" + }, + { + "doc" : "允许每个客户端建立的最大订阅数量。", + "hash" : "V-mqtt-S-mqtt-max_subscriptions", + "text" : "max_subscriptions", + "type" : "OneOf(Integer(1..inf),String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "投递消息时,是否根据订阅主题时的 QoS 等级来强制提升派发的消息的 QoS 等级。", + "hash" : "V-mqtt-S-mqtt-upgrade_qos", + "text" : "upgrade_qos", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "客户端发布 QoS 2 消息时,服务器等待 `PUBREL` 的最长时延。超过该时长后服务器会放弃等待,该 PACKET ID 会被释放,从而允许后续新的 PUBLISH 消息使用。如果超时后收到 PUBREL,服务器将会产生一条告警日志。注意,向订阅客户端转发消息的动作发生在进入等待之前。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-await_rel_timeout", + "text" : "await_rel_timeout", + "type" : "Duration", + "default" : "\"300s\"" + } + ], + "text" : "mqtt" + } + ], + "hash" : "V-mqtt", + "text" : "mqtt", + "type" : "Struct(mqtt)" + }, + { + "doc" : "默认的 MQTT 监听器的全局认证配置。\n\n有关每个监听器的单独配置,请参阅监听器配置中的authentication。\n\n此选项可配置为:\n
    \n
  • []: 默认值,允许 *所有* 登录
  • \n
  • one: 例如 {enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
  • \n
  • chain: 结构体数组。
  • \n
\n\n当配置了一个认证链时,登录凭据将按照配置的顺序检查后端,直到可以做出'允许'或'拒绝'的决定。\n\n如果在完全遍历认证链之后没有决定,登录将被拒绝。", + "refs" : [ + { + "doc" : "使用内置数据库作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-builtin_db", + "fields" : [ + { + "doc" : "Options for password hash creation and verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm (for DB backends with write capability).", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + }, + { + "doc" : "Work factor for BCRYPT password generation.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds", + "text" : "salt_rounds", + "type" : "Integer(5..10)", + "default" : "10" + } + ], + "text" : "bcrypt_rw" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-builtin_db-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-builtin_db-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "指定用于客户端身份 ID 认证的字段。", + "hash" : "V-authentication-S-builtin_db-user_id_type", + "text" : "user_id_type", + "type" : "Enum(clientid,username)", + "default" : "username" + }, + { + "doc" : "引导文件将用户导入内置数据库。\n对于数据库中已存在的用户 ID,不会重复导入。\n文件内容格式由 `bootstrap_type` 决定。", + "hash" : "V-authentication-S-builtin_db-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\"" + }, + { + "doc" : "指定引导文件的内容类型。\n\n- **`plain`**:\n - 所需数据字段: `user_id`, `password`, `is_superuser`\n - `user_id`: 可以是客户端 ID 
或用户名,具体取决于内置数据库认证的 `user_id_type` 配置。\n - `password`: 用户的明文密码。\n - `is_superuser`: 布尔值,用户是否为管理员。\n\n- **`hash`**:\n - 所需数据字段 `user_id`,`password_hash`,`salt`,`is_superuser`\n - 定义与 `plain` 类型相似,为提高安全性增加了 `password_hash` 和 `salt`。\n\n内容可以是 CSV 或 JSON 格式。\n\n这是一个 CSV 示例:`user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nJSON 内容应解码为对象数组,例如:`[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\n`password_hash` 的哈希字符串取决于内容数据库认证机制中 `password_hash_algorithm` 的配置。例如,如果配置为 `password_hash_algorithm {name = sha256, salt_position = suffix}`,则在哈希之前将 salt 添加到密码中。等效的 Python 表达式为: `hashlib.sha256(password + salt).hexdigest()`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_type", + "text" : "bootstrap_type", + "type" : "Enum(hash,plain)", + "default" : "plain" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "使用 MySQL 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mysql", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mysql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mysql-backend", + "text" : "backend", + "type" : "String(\"mysql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : 
"V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mysql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。", + "hash" : "V-authentication-S-mysql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "SQL 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mysql-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。", + "hash" : "V-authentication-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mysql" + }, + { + "doc" : "使用 PostgreSQL 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-postgresql", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-postgresql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-postgresql-backend", + "text" : "backend", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : 
"iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-postgresql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。", + "hash" : "V-authentication-S-postgresql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。", + "hash" : "V-authentication-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-authentication-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "postgresql" + }, + { + "doc" : "使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_single", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_single-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_single-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_single-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_single-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT 
password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。", + "hash" : "V-authentication-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。", + "hash" : "V-authentication-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "使用 MongoDB (Replica Set) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_rs", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_rs-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_rs-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_rs-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_rs-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_rs-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" 
: "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。", + "hash" : "V-authentication-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authentication-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "读取模式。", + "hash" : "V-authentication-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "副本集的名称。", + "hash" : "V-authentication-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" 
: "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_sharded", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_sharded-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_sharded-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_sharded-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_sharded-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_sharded-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : 
"BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。", + "hash" : "V-authentication-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authentication-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : 
"V-authentication-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "使用 Redis (Standalone) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_single", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_single-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。", + "hash" : "V-authentication-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-redis_single-pool_size", + "text" : "pool_size", + 
"type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authentication-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_single" + }, + { + "doc" : "使用 Redis (Cluster) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_cluster", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_cluster-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_cluster-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。", + "hash" : "V-authentication-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : 
"V-authentication-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_sentinel", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_sentinel-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_sentinel-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。", + "hash" : "V-authentication-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "Redis sentinel 模式下的集群名称。", + 
"hash" : "V-authentication-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authentication-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 GET 请求)。", + "hash" : "T-authentication-S-http_get", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "HTTP Headers 列表 (无 content-type) 。", + "hash" : "V-authentication-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-http_get-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-http_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-http_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + } + ], + "text" : "http_get" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 POST 请求)。", + "hash" : "T-authentication-S-http_post", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "HTTP Headers 列表", + "hash" : "V-authentication-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-http_post-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-http_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-http_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + } + ], + "text" : "http_post" + }, + { + "doc" : "用于认证的 JWT 使用 HMAC 算法签发时的配置。", + "hash" : "T-authentication-S-jwt_hmac", + "fields" : [ + { + "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。", + "hash" : "V-authentication-S-jwt_hmac-algorithm", + "text" : "algorithm", + "type" : "Enum(hmac-based)" + }, + { + "doc" : "使用 HMAC 算法时用于验证 JWT 的密钥", + "hash" : "V-authentication-S-jwt_hmac-secret", + "text" : "secret", + "type" : "String" + }, + { + "doc" : "密钥是否为 base64 编码。", + "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded", + "text" : "secret_base64_encoded", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_hmac-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_hmac-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : "V-authentication-S-jwt_hmac-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : "V-authentication-S-jwt_hmac-from", + 
"text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_hmac" + }, + { + "doc" : "用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。", + "hash" : "T-authentication-S-jwt_public_key", + "fields" : [ + { + "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。", + "hash" : "V-authentication-S-jwt_public_key-algorithm", + "text" : "algorithm", + "type" : "Enum(public-key)" + }, + { + "doc" : "用于验证 JWT 的公钥。", + "hash" : "V-authentication-S-jwt_public_key-public_key", + "text" : "public_key", + "type" : "String" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_public_key-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_public_key-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : "V-authentication-S-jwt_public_key-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : "V-authentication-S-jwt_public_key-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_public_key" + }, + { + "doc" : "用于认证的 JWTs 需要从 JWKS 端点获取时的配置。", + "hash" : "T-authentication-S-jwt_jwks", + "fields" : [ + { + "doc" : "是否使用 JWKS。", + "hash" : "V-authentication-S-jwt_jwks-use_jwks", + "text" : "use_jwks", + "type" : "Enum(true)" + 
}, + { + "doc" : "JWKS 端点, 它是一个以 JWKS 格式返回服务端的公钥集的只读端点。", + "hash" : "V-authentication-S-jwt_jwks-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "JWKS 请求中需要发送的 HTTP 请求头列表。", + "hash" : "V-authentication-S-jwt_jwks-headers", + "text" : "headers", + "type" : "Map", + "default" : "{Accept = \"application/json\"}" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-jwt_jwks-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "JWKS 刷新间隔。", + "hash" : "V-authentication-S-jwt_jwks-refresh_interval", + "text" : "refresh_interval", + "type" : "Integer", + "default" : "300" + }, + { + "doc" : "SSL 选项。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-jwt_jwks-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_jwks-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_jwks-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : "V-authentication-S-jwt_jwks-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : "V-authentication-S-jwt_jwks-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_jwks" + }, + { + "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication.", + "hash" : "T-authentication-S-scram", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-scram-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-scram-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { 
+ "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + } + ], + "text" : "scram" + }, + { + "doc" : "使用 LDAP 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-ldap", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-ldap-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-ldap-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "LDAP 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authentication-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authentication-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authentication-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authentication-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "认证方式。", + "refs" : [ + { + "doc" : "通过将本地密码与经过由`密码属性`指定的算法加密的密码进行比对来进行认证。", + "hash" : "T-authentication-S-ldap-method-S-hash_method", + "fields" : [ + { + "doc" : "认证方式类型。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-type", + "text" : "type", + "type" : "Enum(hash)", + "default" : "hash" + }, + { + "doc" : "指示哪个属性用于表示用户密码。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "指示哪个属性用于表示用户是否为超级用户。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "hash_method" + }, + { + "doc" : "通过 LDAP 绑定操作进行认证。", + "hash" : "T-authentication-S-ldap-method-S-bind_method", + "fields" : [ + { + "doc" : "认证方式类型。", + "hash" : "V-authentication-S-ldap-method-S-bind_method-type", + "text" : "type", + "type" : "Enum(bind)", + "default" : "bind" + }, + { + "doc" : "绑定密码的模版", + "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password", + "text" : "bind_password", + "type" : "String", + "default" : "\"${password}\"" + } + ], + "text" : "bind_method" + } + ], + "hash" : "V-authentication-S-ldap-method", + "text" : "method", + "type" : "OneOf(Struct(hash_method),Struct(bind_method))" + } + ], + "text" : "ldap" + }, + { + "doc" : "这是一种已弃用的形式,应避免使用。", + "hash" : "T-authentication-S-ldap_deprecated", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-ldap_deprecated-mechanism", + "text" : "mechanism", + "type" : 
"String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-ldap_deprecated-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "LDAP 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authentication-S-ldap_deprecated-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-ldap_deprecated-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-ldap_deprecated-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap_deprecated-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authentication-S-ldap_deprecated-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authentication-S-ldap_deprecated-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authentication-S-ldap_deprecated-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap_deprecated-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "指示哪个属性用于表示用户密码。", + "hash" : "V-authentication-S-ldap_deprecated-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "指示哪个属性用于表示用户是否为超级用户。", + "hash" : "V-authentication-S-ldap_deprecated-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "ldap_deprecated" + } + ], + "hash" : "V-authentication", + "text" : "authentication", + "type" : "Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(ldap_deprecated)))", + "default" : "[]" + }, + { + "doc" : "授权(ACL)。EMQX 支持完整的客户端访问控制(ACL)。", + "refs" : [ + { + "doc" : "授权相关", + "hash" : "T-authorization-S-authorization", + "fields" : [ + { + "doc" : "如果用户或客户端不匹配 ACL 规则,或者从可配置授权源(比如内置数据库、HTTP API 或 PostgreSQL 等。)内未找\n到此类用户或客户端时,模式的认访问控制操作。\n在“授权”中查找更多详细信息。", + "hash" : "V-authorization-S-authorization-no_match", + "text" : "no_match", + "type" : "Enum(allow,deny)", + "default" : "allow" + }, + { + "doc" : "授权检查拒绝操作时的操作。", + "hash" : "V-authorization-S-authorization-deny_action", + "text" : "deny_action", + "type" : "Enum(ignore,disconnect)", + "default" : "ignore" + }, + { + "refs" : [ + { + "doc" : "Settings for the authorization cache.", + "hash" : "T-authorization-S-authorization-cache-S-authz_cache", + "fields" : [ + { + "doc" : 
"缓存项的最大数量。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size", + "text" : "max_size", + "type" : "Integer(1..1048576)", + "default" : "32" + }, + { + "doc" : "缓存数据的生存时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl", + "text" : "ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "排除主题列表,列表内的主题将不会生成授权缓存。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes", + "text" : "excludes", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "authz_cache" + } + ], + "hash" : "V-authorization-S-authorization-cache", + "text" : "cache", + "type" : "Struct(authz_cache)" + }, + { + "doc" : "
\n授权(ACL)数据提供者的数组。\n它被设计为一个数组,而不是哈希映射,因此可以\n将源按顺序排列形成访问控制链。
\n\n在授权 '发布' 或 '订阅' 操作时,配置的\n源会按顺序检查。在检查 ACL 源时,\n如果未找到客户端(通过用户名或客户端 ID 标识),\n则继续检查下一个源。一旦返回 '允许' 或 '拒绝' 决定,\n立即停止检查。
\n\n如果在任何源中都未找到客户端,\n则应用 'authorization.no_match' 中配置的默认操作。
\n\n注意:\n源元素由它们的 '类型' 标识。\n不允许配置两个或更多相同类型的源。", + "refs" : [ + { + "doc" : "使用 ACL 文件授权。", + "hash" : "T-authorization-S-authorization-sources-S-file", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-file-type", + "text" : "type", + "type" : "String(\"file\")" + }, + { + "doc" : "包含 ACL 规则的文件路径。\n如果该文件在启动 EMQX 节点之前已经配置好,\n只要 EMQX 有读取权限,它可以放置在任何位置。\n即,EMQX 将把它视为只读。\n\n如果规则集是从 EMQX Dashboard 或 HTTP API 创建或更新的,\n将创建一个新文件并放置在 EMQX 的 data_dir 中的 authz 子目录下,\n旧文件将不再使用。", + "hash" : "V-authorization-S-authorization-sources-S-file-path", + "text" : "path", + "type" : "String" + } + ], + "text" : "file" + }, + { + "doc" : "使用内置数据库 (mnesia) 进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-builtin_db", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type", + "text" : "type", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "每个客户端/用户的最大规则数。请注意,随着规则数量的增加,性能可能会下降。", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules", + "text" : "max_rules", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "使用外部 HTTP 服务器授权(GET 请求)。", + "hash" : "T-authorization-S-authorization-sources-S-http_get", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-http_get-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "认证服务器地址", + "hash" : "V-authorization-S-authorization-sources-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求超时。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP 请求体", + "hash" : "V-authorization-S-authorization-sources-S-http_get-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求方法", + "hash" : "V-authorization-S-authorization-sources-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "HTTP Headers 列表 (无 content-type) 。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_get" + }, + { + "doc" : "使用外部 HTTP 服务器授权(POST 请求)。", + "hash" : "T-authorization-S-authorization-sources-S-http_post", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-http_post-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "认证服务器地址", + "hash" : "V-authorization-S-authorization-sources-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求超时。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP 请求体", + "hash" : "V-authorization-S-authorization-sources-S-http_post-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求方法", + "hash" : "V-authorization-S-authorization-sources-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "HTTP Headers 列表", + "hash" : "V-authorization-S-authorization-sources-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_post" + }, + { + "doc" : "使用单个 Redis 实例进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_single", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : 
"V-authorization-S-authorization-sources-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_single" + }, + { + "doc" : "使用 Redis Sentinel 进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "Redis sentinel 模式下的集群名称。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "使用 Redis 集群进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "使用 MySQL 数据库进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-mysql", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mysql-type", + "text" : "type", + "type" : "String(\"mysql\")" + }, + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "SQL 预处理语句列表。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "mysql" + }, + { + "doc" : "使用 PostgreSQL 数据库进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-postgresql", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-type", + "text" : "type", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "SQL 预处理语句列表。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "postgresql" + }, + { + "doc" : "使用 MongoDB 授权(单实例)。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "使用 MongoDB 授权(副本集模式)", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "读取模式。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "副本集的名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "使用 MongoDB 授权(分片集群模式)。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "AuthZ with LDAP", + "hash" : "T-authorization-S-authorization-sources-S-ldap", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-ldap-type", + "text" : "type", + "type" : "String(\"ldap\")" + }, + { + "doc" : "表示使用哪个属性来表示允许`发布`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute", + "text" : "publish_attribute", + "type" : "String", + "default" : "mqttPublishTopic" + }, + { + "doc" : "表示使用哪个属性来表示允许`订阅`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute", + "text" : "subscribe_attribute", + "type" : "String", + "default" : "mqttSubscriptionTopic" + }, + { + "doc" : "表示使用哪个属性来表示允许`发布`和`订阅`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute", + "text" : "all_attribute", + "type" : "String", + "default" : "mqttPubSubTopic" + }, + { + "doc" : "LDAP 查询超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-authorization-S-authorization-sources", + "text" : "sources", + "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))", + "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]" + } + ], + "text" : "authorization" + } + ], + "hash" : "V-authorization", + "text" : "authorization", + "type" : "Struct(authorization)" + }, + { + "refs" : [ + { + "doc" : "节点名称、Cookie、配置文件、数据目录和 Erlang 虚拟机(BEAM)启动参数。", + "hash" : "T-node-S-node", + "fields" : [ + { + "doc" : "节点名。格式为 \\@\\。其中 可以是 IP 地址,也可以是 FQDN。\n详见 http://erlang.org/doc/reference_manual/distributed.html。", + "hash" : "V-node-S-node-name", + "text" : "name", + "type" : "String", + "default" : "\"emqx@127.0.0.1\"" + }, + { + "doc" : "分布式 Erlang 集群使用的 cookie 值。集群间保持一致", + "hash" : "V-node-S-node-cookie", + "text" : "cookie", + "type" : "String" + }, + { + "doc" : "Erlang 系统同时存在的最大端口数。\n实际选择的最大值可能比设置的数字大得多。\n参考: https://www.erlang.org/doc/man/erl.html", + "hash" : "V-node-S-node-max_ports", + "text" : "max_ports", + "type" : "Integer(1024..134217727)", + "default" : "1048576" + }, + { + "doc" : "Erlang 分布式缓冲区的繁忙阈值,单位是 KB。", + "hash" : "V-node-S-node-dist_buffer_size", + "text" : "dist_buffer_size", + "type" : "Integer(1..2097151)", + "default" : "8192" + }, + { + "doc" : "节点数据存放目录,可能会自动创建的子目录如下:
\n- `mnesia/`。EMQX 的内置数据库目录。例如,`mnesia/emqx@127.0.0.1`。
\n如果节点要被重新命名(例如,`emqx@10.0.1.1`)。旧目录应该首先被删除。
\n- `configs`。在启动时生成的配置,以及集群/本地覆盖的配置。
\n- `patches`: 热补丁文件将被放在这里。
\n- `trace`: 日志跟踪文件。
\n\n**注意**: 一个数据 dir 不能被两个或更多的 EMQX 节点同时使用。", + "hash" : "V-node-S-node-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "系统调优参数,设置节点运行多久强制进行一次全局垃圾回收。禁用设置为 disabled。", + "hash" : "V-node-S-node-global_gc_interval", + "text" : "global_gc_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"15m\"" + }, + { + "doc" : "选择节点的角色。
\ncore 节点提供数据的持久性,并负责写入。建议将核心节点放置在不同的机架或不同的可用区。
\nrepliant 节点是临时工作节点。 从集群中删除它们,不影响数据库冗余
\n建议复制节点多于核心节点。
\n注意:该参数仅在设置backend时生效到 rlog。", + "hash" : "V-node-S-node-role", + "aliases" : [ + "db_role" + ], + "text" : "role", + "type" : "Enum(core)", + "default" : "core" + } + ], + "text" : "node" + } + ], + "hash" : "V-node", + "text" : "node", + "type" : "Struct(node)" + }, + { + "refs" : [ + { + "doc" : "EMQX 节点可以组成一个集群,以提高总容量。
这里指定了节点之间如何连接。", + "hash" : "T-cluster-S-cluster", + "fields" : [ + { + "doc" : "EMQX 集群名称。每个集群都有一个唯一的名称。服务发现时会用于做路径的一部分。", + "hash" : "V-cluster-S-cluster-name", + "text" : "name", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "集群节点发现方式。可选值为:\n- manual: 使用 emqx ctl cluster 命令管理集群。
\n- static: 配置静态节点。配置几个固定的节点,新节点通过连接固定节点中的某一个来加入集群。
\n- dns: 使用 DNS A 记录的方式发现节点。
\n- etcd: 使用 etcd 发现节点。
\n- k8s: 使用 Kubernetes API 发现节点。", + "hash" : "V-cluster-S-cluster-discovery_strategy", + "text" : "discovery_strategy", + "type" : "Enum(manual,static,singleton,dns,etcd,k8s)", + "default" : "manual" + }, + { + "doc" : "指定多久之后从集群中删除离线节点。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-autoclean", + "text" : "autoclean", + "type" : "Duration", + "default" : "\"24h\"" + }, + { + "doc" : "集群脑裂自动恢复机制开关。", + "hash" : "V-cluster-S-cluster-autoheal", + "text" : "autoheal", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "分布式 Erlang 集群协议类型。可选值为:
\n- inet_tcp: 使用 IPv4
\n- inet_tls: 使用 TLS,需要配合 etc/ssl_dist.conf 一起使用。
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, 与 etc/ssl_dist.conf 配合使用。", + "hash" : "V-cluster-S-cluster-proto_dist", + "text" : "proto_dist", + "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)", + "default" : "inet_tcp" + }, + { + "refs" : [ + { + "doc" : "静态节点服务发现。新节点通过连接一个节点来加入集群。", + "hash" : "T-cluster-S-cluster-static-S-cluster_static", + "fields" : [ + { + "doc" : "集群中的 EMQX 节点名称列表,\n指定固定的节点列表,多个节点间使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 static 时,此配置项才有效。\n适合于节点数量较少且固定的集群。", + "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds", + "text" : "seeds", + "type" : "OneOf(String,Array(String))", + "default" : "[]" + } + ], + "text" : "cluster_static" + } + ], + "hash" : "V-cluster-S-cluster-static", + "text" : "static", + "type" : "Struct(cluster_static)" + }, + { + "refs" : [ + { + "doc" : "DNS SRV 记录服务发现。", + "hash" : "T-cluster-S-cluster-dns-S-cluster_dns", + "fields" : [ + { + "doc" : "指定 DNS A 记录的名字。emqx 会通过访问这个 DNS A 记录来获取 IP 地址列表。\n当cluster.discovery_strategydns 时有效。", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name", + "text" : "name", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "DNS 记录类型。", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type", + "text" : "record_type", + "type" : "Enum(a,aaaa,srv)", + "default" : "a" + } + ], + "text" : "cluster_dns" + } + ], + "hash" : "V-cluster-S-cluster-dns", + "text" : "dns", + "type" : "Struct(cluster_dns)" + }, + { + "refs" : [ + { + "doc" : "使用 'etcd' 服务的服务发现。", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd", + "fields" : [ + { + "doc" : "指定 etcd 服务的地址。如有多个服务使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "指定 etcd 路径的前缀。每个节点在 etcd 中都会创建一个路径:\nv2/keys///
\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix", + "text" : "prefix", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "指定 etcd 中节点信息的过期时间。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl", + "text" : "node_ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "当使用 TLS 连接 etcd 时的配置选项。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options", + "aliases" : [ + "ssl" + ], + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "cluster_etcd" + } + ], + "hash" : "V-cluster-S-cluster-etcd", + "text" : "etcd", + "type" : "Struct(cluster_etcd)" + }, + { + "refs" : [ + { + "doc" : "Kubernetes 服务发现。", + "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s", + "fields" : [ + { + "doc" : "指定 Kubernetes API Server。如有多个 Server 使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver", + "text" : "apiserver", + "type" : "String", + "default" : "\"https://kubernetes.default.svc:443\"" + }, + { + "doc" : "指定 Kubernetes 中 EMQX 的服务名。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name", + "text" : "service_name", + "type" : "String", + "default" : "emqx" + }, + { + "doc" : "当使用 k8s 方式集群时,address_type 用来从 Kubernetes 接口的应答里获取什么形式的 Host 列表。\n指定 cluster.k8s.address_typeip,则将从 Kubernetes 接口中获取集群中其他节点\n的 IP 地址。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type", + "text" : "address_type", + "type" : "Enum(ip,dns,hostname)", + "default" : "ip" + }, + { + "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,\n可设置 emqx 节点名的命名空间。与 cluster.k8s.suffix 一起使用用以拼接得到节点名列表。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace", + "text" : "namespace", + "type" : "String", + "default" : "default" + }, + { + "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,可设置 emqx 节点名的后缀。\n与 cluster.k8s.namespace 一起使用用以拼接得到节点名列表。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix", + "text" : "suffix", + "type" : "String", + 
"default" : "\"pod.local\"" + } + ], + "text" : "cluster_k8s" + } + ], + "hash" : "V-cluster-S-cluster-k8s", + "text" : "k8s", + "type" : "Struct(cluster_k8s)" + } + ], + "text" : "cluster" + } + ], + "hash" : "V-cluster", + "text" : "cluster", + "type" : "Struct(cluster)" + }, + { + "doc" : "EMQX 支持两种主要的日志处理进程:file 和 console,另有一个专门设计用于始终将日志定向到文件的 audit 处理进程。\n系统的默认日志处理行为可以通过环境变量 `EMQX_DEFAULT_LOG_HANDLER` 配置,它接受以下设置:\n\n- file:将日志输出仅定向到文件。\n- console:将日志输出仅定向到控制台。\n\n值得注意的是,当通过 systemd 的 emqx.service 文件启动 EMQX 时,EMQX_DEFAULT_LOG_HANDLER 被设置为 file。\n在 systemd 启动之外的场景中,console 作为默认的日志处理进程。", + "refs" : [ + { + "doc" : "EMQX 支持同时多个日志输出,一个控制台输出,和多个文件输出。\n默认情况下,EMQX 运行在容器中,或者在 'console' 或 'foreground' 模式下运行时,会输出到 控制台,否则输出到文件。", + "hash" : "T-log-S-log", + "fields" : [ + { + "refs" : [ + { + "doc" : "日志处理进程将日志事件打印到 EMQX 控制台。", + "hash" : "T-log-S-log-console-S-console_handler", + "fields" : [ + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-console-S-console_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "启用此日志处理进程。", + "hash" : "V-log-S-log-console-S-console_handler-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-console-S-console_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-console-S-console_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。", 
+ "hash" : "V-log-S-log-console-S-console_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-console-S-console_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "console_handler" + } + ], + "hash" : "V-log-S-log-console", + "aliases" : [ + "console_handler" + ], + "text" : "console", + "type" : "Struct(console_handler)" + }, + { + "doc" : "输出到文件的日志处理进程列表", + "refs" : [ + { + "doc" : "日志处理进程将日志事件打印到文件。", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "日志文件路径及名字。", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "轮换的最大日志文件数。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + 
"type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + }, + { + "doc" : "日志处理进程将日志事件打印到文件。", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "日志文件路径及名字。", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "轮换的最大日志文件数。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 
\"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + } + ], + "hash" : "V-log-S-log-file", + "aliases" : [ + "file_handlers" + ], + "text" : "file", + "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))", + "default" : "{level = warning}" + }, + { + "refs" : [ + { + "doc" : "日志限流功能通过在配置的时间窗口内丢弃除第一个事件外的所有事件,来减少可能泛滥的日志事件数量。\n如果 `console` 或 `file` 日志级别设置为 debug,则自动禁用限流。", + "hash" : "T-log-S-log-throttling-S-log_throttling", + "fields" : [ + { + "doc" : "此配置设置控制限流消息的日志记录行为,包括但不限于像 'authorization_permission_denied' 这样的消息。\n在每个定义的时间窗口内,只有一个限流消息的实例会被记录,以防止日志泛滥。\n在每个时间窗口结束时,将生成一个摘要日志,详细说明该期间内任何限流消息的发生。\n重要的是,此设置的最短有效时间窗口为 1 秒(1s)。\n如果指定的值低于 1s,则会自动调整为 1s。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-log-S-log-throttling-S-log_throttling-time_window", + "text" : "time_window", + "type" : "Duration(s)", + "default" : "\"1m\"" + } + ], + "text" : "log_throttling" + } + ], + "hash" : "V-log-S-log-throttling", + "text" : "throttling", + "type" : "Struct(log_throttling)" + } + ], + "text" : "log" + } + ], + "hash" : "V-log", + "text" : "log", + "type" : "Struct(log)" + }, + { + "refs" : [ + { + "doc" : "EMQX 使用 gen_rpc 库来实现跨节点通信。
\n大多数情况下,默认的配置应该可以工作,但如果你需要做一些性能优化或者实验,可以尝试调整这些参数。", + "hash" : "T-rpc-S-rpc", + "fields" : [ + { + "doc" : "在 sync 模式下,发送端等待接收端的 ack 信号。", + "hash" : "V-rpc-S-rpc-mode", + "text" : "mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "集群间通信使用的传输协议。", + "hash" : "V-rpc-S-rpc-protocol", + "aliases" : [ + "driver" + ], + "text" : "protocol", + "type" : "Enum(tcp,ssl)", + "default" : "tcp" + }, + { + "doc" : "异步模式下,发送的批量消息的最大数量。", + "hash" : "V-rpc-S-rpc-async_batch_size", + "text" : "async_batch_size", + "type" : "Integer", + "default" : "256" + }, + { + "doc" : "manual: 通过 server_port 来发现端口。\n
stateless: 使用无状态的方式来发现端口,使用如下算法。如果节点名称是 \nemqxN@127.0.0.1, N 是一个数字,那么监听端口就是 5370 + N。\n注意:当 port_discovery 设置为 manual 时,server_port 配置将不起作用。", + "hash" : "V-rpc-S-rpc-port_discovery", + "text" : "port_discovery", + "type" : "Enum(manual,stateless)", + "default" : "stateless" + }, + { + "doc" : "RPC 本地服务使用的监听端口。
\n请注意,此配置仅在 rpc.port_discovery 设置为手动时生效。", + "hash" : "V-rpc-S-rpc-server_port", + "aliases" : [ + "tcp_server_port", + "ssl_server_port" + ], + "text" : "server_port", + "type" : "Integer(1..+inf)", + "default" : "5369" + }, + { + "doc" : "设置该节点与每个远程节点之间发起的最大 RPC 通信通道数量。", + "hash" : "V-rpc-S-rpc-client_num", + "aliases" : [ + "tcp_client_num" + ], + "text" : "client_num", + "type" : "Integer(1..256)", + "default" : "10" + }, + { + "doc" : "建立 RPC 连接的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "TLS 证书文件的路径,用于验证集群节点的身份。\n只有当 rpc.driver 设置为 ssl 时,此配置才会生效。", + "hash" : "V-rpc-S-rpc-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "rpc.certfile 的私钥文件的路径。
\n注意:此文件内容是私钥,所以需要设置权限为 600。", + "hash" : "V-rpc-S-rpc-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "验证 rpc.certfile 的 CA 证书文件的路径。
\n注意:集群中所有节点的证书必须使用同一个 CA 签发。", + "hash" : "V-rpc-S-rpc-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "发送 RPC 请求的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "远程节点认证的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-authentication_timeout", + "text" : "authentication_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "同步 RPC 的回复超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-call_receive_timeout", + "text" : "call_receive_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "对应 TCP_KEEPIDLE socket 选项。指定在 TCP 开始发送 keepalive 探测包之前,连接需要保持空闲的时间(以秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-socket_keepalive_idle", + "text" : "socket_keepalive_idle", + "type" : "Duration(s)", + "default" : "\"15m\"" + }, + { + "doc" : "对应 TCP_KEEPINTVL socket 选项。指每次 keepalive 探测之间的时间间隔(以秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-socket_keepalive_interval", + "text" : "socket_keepalive_interval", + "type" : "Duration(s)", + "default" : "\"75s\"" + }, + { + "doc" : "对应 TCP_KEEPCNT socket 选项。指定在放弃连接并终止连接之前发送的最大 TCP keepalive 探测次数,如果未从另一端收到响应,则终止连接。", + "hash" : "V-rpc-S-rpc-socket_keepalive_count", + "text" : "socket_keepalive_count", + "type" : "Integer", + "default" : "9" + }, + { + "doc" : "TCP 调节参数。TCP 发送缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_sndbuf", + "text" : "socket_sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP 调节参数。TCP 接收缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_recbuf", + "text" : "socket_recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP 调节参数。用户模式套接字缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_buffer", + "text" : "socket_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "兼容旧的无鉴权模式", + "hash" : "V-rpc-S-rpc-insecure_fallback", + "text" : "insecure_fallback", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-rpc-S-rpc-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-rpc-S-rpc-tls_versions", + "text" : "tls_versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "指示 RPC 服务器监听的 IP 地址。例如,使用 \"0.0.0.0\" 表示 IPv4 或 \"::\" 表示 IPv6。", + "hash" : "V-rpc-S-rpc-listen_address", + "text" : "listen_address", + "type" : "String", + "default" : "\"0.0.0.0\"" + }, + { + "doc" : "此设置仅在 rpc.listen_address 被分配了一个 IPv6 地址时有效。\n如果设置为 true,RPC 客户端将仅使用 IPv6 进行连接。\n否则,即使服务器位于 IPv6 上,客户端也可能选择 IPv4。", + "hash" : "V-rpc-S-rpc-ipv6_only", + "text" : "ipv6_only", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "rpc" + } + ], + "hash" : "V-rpc", + "text" : "rpc", + "type" : "Struct(rpc)" + }, + { + "doc" : "系统主题配置。", + "refs" : [ + { + "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics.", + "hash" : "T-sys_topics-S-sys_topics", + "fields" : [ + { + "doc" : "发送 `$SYS` 主题的间隔时间。", + "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval", + "text" : "sys_msg_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"1m\"" + }, + { + "doc" : "发送心跳系统消息的间隔时间,它包括:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`", + "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval", + "text" : "sys_heartbeat_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"30s\"" + }, + { + "doc" : "客户端事件消息。", + "refs" : [ + { + "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. 
The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n", + "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names", + "fields" : [ + { + "doc" : "是否开启客户端已连接事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected", + "text" : "client_connected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否开启客户端已断开连接事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected", + "text" : "client_disconnected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否开启客户端已成功订阅主题事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed", + "text" : "client_subscribed", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否开启客户端已成功取消订阅主题事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed", + "text" : "client_unsubscribed", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "event_names" + } + ], + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages", + "text" : "sys_event_messages", + "type" : "Struct(event_names)" + } + ], + "text" : "sys_topics" + } + ], + "hash" : "V-sys_topics", + "text" : "sys_topics", + "type" : "Struct(sys_topics)" + }, + { + "refs" : [ + { + "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.", + "hash" : "T-force_shutdown-S-force_shutdown", + "fields" : [ + { + "doc" : "每个在线客户端在 EMQX 服务器中都是独立的一个进程。该配置可以设为单个进程的邮箱消息队列设置最大长度,当超过该上限时,客户端会被强制下线。", + "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size", + "aliases" : [ + "max_message_queue_len" + ], + "text" : "max_mailbox_size", + 
"type" : "Integer(0..inf)", + "default" : "1000" + }, + { + "doc" : "Heap 的总大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size", + "text" : "max_heap_size", + "type" : "Bytesize", + "default" : "\"32MB\"" + } + ], + "text" : "force_shutdown" + } + ], + "hash" : "V-force_shutdown", + "text" : "force_shutdown", + "type" : "Struct(force_shutdown)" + }, + { + "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。", + "refs" : [ + { + "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。", + "hash" : "T-durable_storage-S-durable_storage", + "fields" : [ + { + "doc" : "与 MQTT 消息的持久存储相关的配置。", + "refs" : [ + { + "doc" : "使用嵌入式 RocksDB 键值存储的内置存储后端。\n此后端不支持集群。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local", + "fields" : [ + { + "doc" : "后端类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend", + "text" : "backend", + "type" : "String(\"builtin_local\")", + "default" : "builtin_local" + }, + { + "doc" : "数据库所在的文件系统目录。\n\n默认情况下,它等于 node.data_dir。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "内置的持久存储将数据分成多个分片。\n此配置参数定义分片的数量。\n请注意,它仅在持久存储数据库初始化期间生效。\n在数据库已经创建后更改此配置参数将不会产生任何效果。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards", + "text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "存储布局是一种在磁盘上排列来自各种主题和客户端消息的方法。\n\n根据工作负载类型和主题结构的不同,可以采用不同的数据存储策略,以最大化地提高从持久存储中读取消息的效率。", + "refs" : [ + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : 
"通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : "String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "一种简单的布局类型,将所有主题的所有消息按时间顺序存储在一个流中。\n\n不推荐用于生产环境。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "参考布局类型", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type", + "text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_local" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages", + "text" : "messages", + "type" : "OneOf(Struct(builtin_local))", + "default" : "{backend = 
builtin_local}" + } + ], + "text" : "durable_storage" + } + ], + "hash" : "V-durable_storage", + "text" : "durable_storage", + "type" : "Struct(durable_storage)" + }, + { + "refs" : [ + { + "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.", + "hash" : "T-force_gc-S-force_gc", + "fields" : [ + { + "doc" : "在进程收到多少消息之后,对此进程执行垃圾回收。", + "hash" : "V-force_gc-S-force_gc-count", + "text" : "count", + "type" : "Integer(0..inf)", + "default" : "16000" + }, + { + "doc" : "在进程处理过多少个字节之后,对此进程执行垃圾回收。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-force_gc-S-force_gc-bytes", + "text" : "bytes", + "type" : "Bytesize", + "default" : "\"16MB\"" + } + ], + "text" : "force_gc" + } + ], + "hash" : "V-force_gc", + "text" : "force_gc", + "type" : "Struct(force_gc)" + }, + { + "refs" : [ + { + "doc" : "Features related to system monitoring and introspection.", + "hash" : "T-sysmon-S-sysmon", + "fields" : [ + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.", + "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm", + "fields" : [ + { + "doc" : "定期进程限制检查的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval", + "text" : "process_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "在发出相应警报之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark", + "text" : "process_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "在清除相应警报之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark", + "text" : "process_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "当系统检测到某个 Erlang 进程垃圾回收占用过长时间,会触发一条带有 long_gc 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_gc 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc", + "text" : "long_gc", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "启用后,如果 Erlang VM 调度器出现某个任务占用时间过长时,会触发一条带有 'long_schedule' 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_schedule 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule", + "text" : "long_schedule", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"240ms\"" + }, + { + "doc" : "启用后,当一个 Erlang 进程申请了大量内存,系统会触发一条带有 large_heap 关键字的\nwarning 级别日志。同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap", + "text" : "large_heap", + "type" : "OneOf(String(\"disabled\"),Bytesize)", + "default" : "\"32MB\"" + }, + { + "doc" : "启用后,当用于集群接点之间 RPC 的连接过忙时,会触发一条带有 busy_dist_port 关键字的 warning 级别日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port", + "text" : "busy_dist_port", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "当一个系统接口(例如 TCP socket)过忙,会触发一条带有 busy_port 关键字的 warning 
级别的日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port", + "text" : "busy_port", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "sysmon_vm" + } + ], + "hash" : "V-sysmon-S-sysmon-vm", + "text" : "vm", + "type" : "Struct(sysmon_vm)" + }, + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.", + "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os", + "fields" : [ + { + "doc" : "定期 CPU 检查的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval", + "text" : "cpu_check_interval", + "type" : "Duration", + "default" : "\"60s\"" + }, + { + "doc" : "在发出相应警报之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark", + "text" : "cpu_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "在解除相应警报之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark", + "text" : "cpu_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "定期内存检查的时间间隔。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval", + "text" : "mem_check_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "在发出相应报警之前可以分配多少系统内存的阈值,以系统内存的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark", + "text" : "sysmem_high_watermark", + "type" : "String", + "default" : "\"70%\"" + }, + { + "doc" : "在发出相应警报之前,一个 Erlang 进程可以分配多少系统内存的阈值,以系统内存的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark", + "text" : "procmem_high_watermark", + "type" : "String", + "default" : "\"5%\"" + } + ], + "text" : "sysmon_os" + } + ], + "hash" : "V-sysmon-S-sysmon-os", + "text" : "os", + "type" : "Struct(sysmon_os)" + } + ], + "text" : "sysmon" + } + ], + "hash" : "V-sysmon", + "text" : "sysmon", + "type" : "Struct(sysmon)" + }, + { + "refs" : [ + { + "doc" : "Settings for the alarms.", + "hash" : "T-alarm-S-alarm", + "fields" : [ + { + "doc" : "警报激活时触发的动作。
目前,支持以下操作:logpublish.\nlog 将告警写入日志 (控制台或者文件).\npublish 将告警作为 MQTT 消息发布到系统主题:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate", + "hash" : "V-alarm-S-alarm-actions", + "text" : "actions", + "type" : "Array(Enum(log,publish))", + "default" : "[log, publish]" + }, + { + "doc" : "最多可以存储的历史告警数量。\n\n当达到最大数量时,将删除最旧的历史告警以存储新的历史告警。", + "hash" : "V-alarm-S-alarm-size_limit", + "text" : "size_limit", + "type" : "Integer(1..3000)", + "default" : "1000" + }, + { + "doc" : "历史告警的有效期。从历史告警激活的时间开始计算,而不是取消的时间。\n\n如果告警存在的时间超过了有效期,该告警将被删除。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-alarm-S-alarm-validity_period", + "text" : "validity_period", + "type" : "Duration", + "default" : "\"24h\"" + } + ], + "text" : "alarm" + } + ], + "hash" : "V-alarm", + "text" : "alarm", + "type" : "Struct(alarm)" + }, + { + "refs" : [ + { + "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.", + "hash" : "T-flapping_detect-S-flapping_detect", + "fields" : [ + { + "doc" : "启用抖动检测功能。", + "hash" : "V-flapping_detect-S-flapping_detect-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "抖动检测的时间窗口。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-flapping_detect-S-flapping_detect-window_time", + "text" : "window_time", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "MQTT 客户端在“窗口”时间内允许的最大断开次数", + "hash" : "V-flapping_detect-S-flapping_detect-max_count", + "text" : "max_count", + "type" : "Integer(0..+inf)", + "default" : "15" + }, + { + "doc" : "抖动的客户端将会被禁止登录多长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-flapping_detect-S-flapping_detect-ban_time", + "text" : "ban_time", + "type" : "Duration", + "default" : "\"5m\"" + } + ], + "text" : "flapping_detect" + } + ], + "hash" : "V-flapping_detect", + "text" : "flapping_detect", + "type" : "Struct(flapping_detect)" + }, + { + "refs" : [ + { + "doc" : "Settings related to the durable session feature.", + "hash" : "T-durable_sessions-S-durable_sessions", + "fields" : [ + { + "doc" : "使用持久存储来持久化客户端会话。\n如果启用,会话和相应的消息将被持久存储,并在服务器停机时保留。", + "hash" : "V-durable_sessions-S-durable_sessions-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "此值影响持久会话的流量控制。\n持久会话以批次查询持久消息存储。\n此值指定批次的大小。\n\n注意:较大的批次通常提高系统的吞吐量和整体性能,但会增加每个客户端的 RAM 使用量。", + "hash" : "V-durable_sessions-S-durable_sessions-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Expiry interval for poll requests sent by durable sessions to the storage.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval", + "text" : "idle_poll_interval", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Durable sessions back up their state on disc every heartbeat interval.\n\nHeartbeat interval is also taken into account during garbage collection of expired sessions.\nIt is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval", + "text" : "heartbeat_interval", + "type" : "Duration", + "default" : "\"5000ms\"" + }, + { + "doc" : "执行持久会话垃圾回收的间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval", + "text" : "session_gc_interval", + "type" : "Duration", + "default" : "\"10m\"" + }, + { + "doc" : "每次迭代要垃圾回收的过期持久会话的批量大小。", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size", + "text" : "session_gc_batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Broker keeps messages sent to the durable sessions for this period of time.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period", + "text" : "message_retention_period", + "type" : "Duration", + "default" : "\"1d\"" + } + ], + "text" : "durable_sessions" + } + ], + "hash" : "V-durable_sessions", + "text" : "durable_sessions", + "type" : "Struct(durable_sessions)" + }, + { + "refs" : [ + { + "doc" : "用于连接到外部系统的连接器。", + "hash" : "T-connectors-S-connectors", + "fields" : [ + { + "doc" : "HTTP Connector Config", + "refs" : [ + { + "doc" : "HTTP 动作的配置", + "hash" : "T-connectors-S-connectors-http-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-http-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HTTP 动作的 URL。
\n此路径允许使用带有变量的模板,但变量不能用于方案、主机或端口部分。
\n例如, http://localhost:9901/${topic} 是允许的,但\n http://${host}:9901/message http://localhost:${port}/message \n是不允许的。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.3.2.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-request", + "text" : "request", + "type" : "Map" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-http", + "text" : "http", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MQTT Connector Config", + "refs" : [ + { + "doc" : "MQTT connector 的配置。", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将发布消息到远程代理的 MQTT 客户端池的大小。
\n每个 MQTT 客户端都将分配'clientid',格式为'${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\n其中'n'是池中客户端的编号。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Deprecated since v5.1.0 & e5.1.0.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode", + "text" : "mode", + "type" : "Enum(cluster_shareload)" + }, + { + "doc" : "远程 MQTT 代理的主机和端口", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "附加到 egress 动作使用的 clientid 前缀(可选)。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix", + "text" : "clientid_prefix", + "type" : "String" + }, + { + "doc" : "Deprecated since v5.0.16.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval", + "text" : "reconnect_interval", + "type" : "String" + }, + { + "doc" : "MQTT协议版本", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver", + "text" : "proto_ver", + "type" : "Enum(v3,v4,v5)", + "default" : "v4" + }, + { + "doc" : "如果启用桥接模式。\n注意:此设置仅适用于 MQTT 协议版本早于5.0的情况,远程 MQTT\n代理必须支持此功能。\n如果将 bridge_mode 设置为true,则桥接将指示远程代理它是一个桥接而不是普通客户端。\n这意味着循环检测将更加有效,并且保留的消息将被正确传递。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode", + "text" : "bridge_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "MQTT 协议的用户名", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "MQTT 协议的密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "在重新连接到入口动作时是否启动新会话", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start", + "text" : "clean_start", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "MQTT Keepalive. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "\"160s\"" + }, + { + "doc" : "Message retry interval. Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "MQTT 协议的最大 inflight(已发送但未确认)消息数", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ElasticSearch Connector Config", + "refs" : [ + { + "doc" : "ElasticSearch 动作的配置。", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。\n一个主机条目有如下形式:`主机[:端口]`。\n如果没有指定 `[:端口]`,则使用 Elasticsearch 默认端口 9200。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:9200\"" + }, + { + "doc" : "认证配置", + "refs" : [ + { + "doc" : "Basic Authentication", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "IoTDB REST 接口配置的用户名", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "ElasticSearch REST 连接密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(auth_basic))" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($name->Struct(config))" + } + ], + "text" : "connectors" + } + ], + "hash" : "V-connectors", + "text" : "connectors", + "type" : "Struct(connectors)" + }, + { + "refs" : [ + { + "doc" : "数据桥接的配置信息", + "hash" : "T-actions-S-actions", + "fields" : [ + { + "doc" : "HTTP Action Config", + "refs" : [ + { + "doc" : "HTTP 动作的配置", + "hash" : "T-actions-S-actions-http-S-http_action", + "fields" : [ + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-http-S-http_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-http-S-http_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-http-S-http_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HTTP 动作的参数", + "refs" : [ + { + "doc" : "HTTP 动作的参数", + "hash" : "T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts", + "fields" : [ + { + "doc" : "此动作的 URL 路径。
\n此路径将附加到连接器的 url 配置,以形成完整的 URL 地址。\n此选项允许使用带有变量的模板。例如,/room/{$room_no}
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的方法。所有可用的方法包括:post、put、get、delete。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method", + "text" : "method", + "type" : "Enum(post,put,get,delete)", + "default" : "post" + }, + { + "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "HTTP 请求的主体。
\n如果未提供,主体将是所有可用字段的 JSON 对象。
\n这里的“所有可用字段”是指在触发此 Webhook 时的 MQTT 消息的上下文(当 local_topic 已设置并接收到 MQTT 消息时触发),
或者当此 Webhook 用作规则的动作时,在触发此 Webhook 时的事件上下文。
允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since v5.0.26.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "parameters_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-parameters", + "text" : "parameters", + "type" : "Struct(parameters_opts)" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "http_action" + } + ], + "hash" : "V-actions-S-actions-http", + "aliases" : [ + "webhook" + ], + "text" : "http", + "type" : "Map($name->Struct(http_action))" + }, + { + "doc" : "MQTT Publisher Action Config", + "refs" : [ + { + "doc" : "发布动作的配置。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的具体配置。", + "refs" : [ + { + "doc" : "动作的具体配置。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "要转发到远程代理的主题。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "要发送的 MQTT 消息的 QoS 级别。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos", + "text" : "qos", + "type" : "OneOf(Integer(0..2),String)", + "default" : "1" + }, + { + "doc" : "要发送的 MQTT 消息的'retain'标志。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain", + "text" : "retain", + "type" : "OneOf(Boolean,String)", + "default" : "false" + }, + { + "doc" : "要发送的 MQTT 消息的有效载荷。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload", + "text" : "payload", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_publisher_action" + } + ], + "hash" : "V-actions-S-actions-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_publisher_action))" + }, + { + "doc" : "Elasticsearch 动作", + "refs" : [ + { + "doc" : "ElasticSearch 动作配置项", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config", + "fields" : [ + { + "doc" : "ElasticSearch 动作参数", + "refs" : [ + { + "doc" : "将一个 JSON 文件添加到指定的索引中,并使其可搜索。\n如果目标是一个索引并且文件已经存在,\n请求会更新该文件并增加其版本。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create", + "fields" : [ + { + "doc" : "create", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action", + "text" : "action", + "type" : "String(\"create\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果为 true, 则请求的操作必须针对一个索引别名。默认为 false。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "如果指定 _id 的文档已经存在(冲突),将设置为 false,操作将失败。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite", + "text" : "overwrite", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_create" + }, + { + "doc" : "从指定的索引中删除一个 JSON 文件。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete", + "fields" : [ + { + "doc" : "delete", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action", + "text" : "action", + "type" : "String(\"delete\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_delete" + }, + { + "doc" : "使用指定的文件更新一个文件。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update", + "fields" : [ + { + "doc" : "update", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action", + "text" : "action", + "type" : "String(\"update\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "你可以将 doc_as_upsert 设置为 true,使用 doc 的内容作为 upsert 值,而不是发送一个不完整的文件加上一个 upsert 文件。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert", + "text" : "doc_as_upsert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果为 true, 则请求的操作必须针对一个索引别名。默认为 false。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_update" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源选项。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($action_name->Struct(action_config))" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions", + "text" : "actions", + "type" : "Struct(actions)" + }, + { + "refs" : [ + { + "doc" : "Source 的配置。", + "hash" : "T-sources-S-sources", + "fields" : [ + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "订阅 Source 的配置。", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source", + "fields" : [ + { + "refs" : [ + { + "doc" : "Source 的具体配置", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters", + "fields" : [ + { + "doc" : "从远程代理接收消息的主题", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "订阅远程代理时要使用的 QoS 级别.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "1" + } + ], + "text" : "ingress_parameters" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters", + "text" : "parameters", + "type" : "Struct(ingress_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + 
"doc" : "连接器的标签", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_subscriber_source" + } + ], + "hash" : "V-sources-S-sources-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_subscriber_source))" + } + ], + "text" : "sources" + } + ], + "hash" : "V-sources", + "text" : "sources", + "type" : "Struct(sources)" + }, + { + "refs" : [ + { + "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1.", + "hash" : "T-retainer-S-retainer", + "fields" : [ + { + "doc" : "消息保留时间。0 代表永久保留
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-retainer-S-retainer-msg_expiry_interval", + "text" : "msg_expiry_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval_override", + "text" : "msg_expiry_interval_override", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set.", + "hash" : "V-retainer-S-retainer-allow_never_expire", + "text" : "allow_never_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "消息清理间隔。0 代表不进行清理
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-retainer-S-retainer-msg_clear_interval", + "text" : "msg_clear_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "允许存储的保留消息的最大大小。EMQX 将拒绝存储超过此大小的保留消息,并输出包含关键字 'retain_failed_for_payload_size_exceeded_limit' 的错误日志。\n\n0 表示保留消息大小不受限制。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-retainer-S-retainer-max_payload_size", + "text" : "max_payload_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "当 PUBLISH 消息的保留标志被设置且有效载荷为空时,是否继续发布消息。\n参见:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038", + "hash" : "V-retainer-S-retainer-stop_publish_clear_msg", + "text" : "stop_publish_clear_msg", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "发送保留消息的最大速率", + "hash" : "V-retainer-S-retainer-delivery_rate", + "aliases" : [ + "deliver_rate" + ], + "text" : "delivery_rate", + "type" : "String", + "default" : "\"1000/s\"" + }, + { + "doc" : "保留消息的存储后端", + "refs" : [ + { + "doc" : "Configuration of the internal database storing retained messages.", + "hash" : "T-retainer-S-retainer-backend-S-mnesia_config", + "fields" : [ + { + "doc" : "后端类型", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type", + "text" : "type", + "type" : "String(\"built_in_database\")", + "default" : "built_in_database" + }, + { + "doc" : "选择消息是存放在磁盘还是内存中", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type", + "text" : "storage_type", + "type" : "Enum(ram,disc)", + "default" : "ram" + }, + { + "doc" : "消息保留的数量上限。0 表示无限", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages", + "text" : "max_retained_messages", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs", + "text" : "index_specs", + "type" : "Array(Integer)", + "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]" + } + ], + "text" : "mnesia_config" + } + ], + "hash" : "V-retainer-S-retainer-backend", + "text" : "backend", + "type" : "Struct(mnesia_config)" + } + ], + "text" : "retainer" + } + ], + "hash" : "V-retainer", + "text" : "retainer", + "type" : "Struct(retainer)" + }, + { + "refs" : [ + { + "doc" : "配置 EMQX 节点向 EMQ 的遥测服务器发送遥测数据。\n详情请参考 https://www.emqx.io/docs/zh/v5.1/telemetry/telemetry.html。", + "hash" : "T-telemetry-S-telemetry", + "fields" : [ + { + "doc" : "设置为 `false` 可以关闭数据发送。", + "hash" : "V-telemetry-S-telemetry-enable", + "text" : "enable", + "type" : "Boolean" + } + ], + "text" : "telemetry" + } + ], + "hash" : "V-telemetry", + "text" : "telemetry", + "type" : "Struct(telemetry)" + }, + { + "refs" : [ + { + "doc" : "Settings for the delayed module.", + "hash" : "T-delayed-S-delayed", + "fields" : [ + { + "doc" : "延迟消息的数量上限(0 代表不限数量)", + "hash" : "V-delayed-S-delayed-max_delayed_messages", + "text" : "max_delayed_messages", + "type" : "Integer", + "default" : "0" + } + ], + "text" : "delayed" + } + ], + "hash" : "V-delayed", + "text" : "delayed", + "type" : "Struct(delayed)" + }, + { + "refs" : [ + { + "doc" : "管理 EMQX 插件。
\n插件可以是 EMQX 安装包中的一部分,也可以是一个独立的安装包。
\n独立安装的插件称为“外部插件”。", + "hash" : "T-plugins-S-plugins", + "fields" : [ + { + "doc" : "一组插件的状态。插件将按照定义的顺序启动", + "refs" : [ + { + "doc" : "描述插件的状态", + "hash" : "T-plugins-S-plugins-states-S-state", + "fields" : [ + { + "doc" : "插件的名称{name}-{version}。
\n它应该与插件的发布包名称一致,如 my_plugin-0.1.0。", + "hash" : "V-plugins-S-plugins-states-S-state-name_vsn", + "text" : "name_vsn", + "type" : "String" + } + ], + "text" : "state" + } + ], + "hash" : "V-plugins-S-plugins-states", + "text" : "states", + "type" : "Array(Struct(state))", + "default" : "[]" + }, + { + "doc" : "插件安装包的目录,出于安全考虑,该目录应该值允许 emqx,或用于运行 EMQX 服务的用户拥有写入权限。", + "hash" : "V-plugins-S-plugins-install_dir", + "text" : "install_dir", + "type" : "String", + "default" : "plugins" + }, + { + "doc" : "Deprecated since 5.0.24.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-plugins-S-plugins-check_interval", + "text" : "check_interval", + "type" : "Duration" + } + ], + "text" : "plugins" + } + ], + "hash" : "V-plugins", + "text" : "plugins", + "type" : "Struct(plugins)" + }, + { + "refs" : [ + { + "doc" : "EMQX Dashboard 配置。", + "hash" : "T-dashboard-S-dashboard", + "fields" : [ + { + "doc" : "Dashboard 监听器设置。监听器必须有唯一的端口号和 IP 地址的组合。\n例如,可以通过指定 IP 地址 0.0.0.0 来监听机器上给定端口上的所有配置的 IP 地址。\n或者,可以为每个监听器指定唯一的 IP 地址,但使用相同的端口。", + "refs" : [ + { + "doc" : "Dashboard 监听器配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners", + "refs" : [ + { + "doc" : "Dashboard 监听器(HTTP)配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http", + "fields" : [ + { + "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "同时处理的最大连接数。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "排队等待连接的队列的最大长度。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "http" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http", + "text" : "http", + "type" : "Struct(http)" + }, + { + "doc" : "SSL listeners", + "refs" : [ + { + "doc" : "Dashboard 监听器(HTTPS)配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https", + "fields" : [ + { + "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "Dashboard 监听器的 SSL/TLS 选项。", + "refs" : [ + { + "doc" : "Dashboard 监听器的 SSL/TLS 选项。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_options" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_options)" + }, + { + "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "同时处理的最大连接数。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "排队等待连接的队列的最大长度。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "https" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https", + "text" : "https", + "type" : "Struct(https)" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "用于初始化 admin 用户数据库记录的密码。\n注意:在初始化(第一次启动)后更改默认密码将不起作用。\n一旦初始化完成,默认密码 public 必须尽快通过 Dashboard 或 CLI 更改。", + "hash" : "V-dashboard-S-dashboard-default_password", + "text" : "default_password", + "type" : "String", + "default" : "public" + }, + { + "doc" : "登录成功返回的 JWT token 过期时间,默认为 60 分钟。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-token_expired_time", + "text" : "token_expired_time", + "type" : "Duration", + "default" : "\"60m\"" + }, + { + "doc" : "CORS(Cross-Origin Resource Sharing,跨域资源共享)允许服务器响应来自任何来源(域名、协议或端口)的请求,启用后允许另一个域名下的服务直接通过 JavaScript 调用 EMQX REST API。", + "hash" : "V-dashboard-S-dashboard-cors", + "text" : "cors", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用或禁用对 Swagger API 文档的支持。", + "hash" : "V-dashboard-S-dashboard-swagger_support", + "text" : "swagger_support", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "dashboard" + } + ], + "hash" : "V-dashboard", + "text" : "dashboard", + "type" : "Struct(dashboard)" + }, + { + "refs" : [ + { + "doc" : "EMQX Gateway configuration root.", + "hash" : "T-gateway-S-gateway", + "fields" : [ + { + "refs" : [ + { + "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format.", + "hash" : "T-gateway-S-gateway-coap-S-coap", + "fields" : [ + { + "doc" : "CoAP 网关要求客户端的最小心跳间隔时间。\n当 connection_required 开启后,该参数用于检查客户端连接是否存活
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat", + "text" : "heartbeat", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "是否开启连接模式。\n连接模式是非标准协议的功能。它维护 CoAP 客户端上线、认证、和连接状态的保持", + "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required", + "text" : "connection_required", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "投递给 CoAP 客户端的通知消息类型。当客户端 Observe 一个资源(或订阅某个主题)时,网关会向客户端推送新产生的消息。其消息类型可设置为:
\n\n - non: 不需要客户端返回确认消息;
\n - con: 需要客户端返回一个确认消息;
\n - qos: 取决于消息的 QoS 等级; QoS 0 会以 `non` 类型下发,QoS 1/2 会以 `con` 类型下发", + "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type", + "text" : "notify_type", + "type" : "Enum(non,con,qos)", + "default" : "qos" + }, + { + "doc" : "客户端订阅请求的默认 QoS 等级。\n当 CoAP 客户端发起订阅请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n - qos0、 qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据订阅操作的 CoAP 报文类型来动态决定
\n * 当订阅请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当订阅请求为 `confirmable` 类型时,取值为 qos1", + "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos", + "text" : "subscribe_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "客户端发布请求的默认 QoS 等级。\n当 CoAP 客户端发起发布请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n\n - qos0、qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据发布操作的 CoAP 报文类型来动态决定
\n * 当发布请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当发布请求为 `confirmable` 类型时,取值为 qos1", + "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos", + "text" : "publish_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "coap" + } + ], + "hash" : "V-gateway-S-gateway-coap", + "text" : "coap", + "type" : "Struct(coap)" + }, + { + "refs" : [ + { + "doc" : "Settings for EMQX extension protocol (exproto).", + "hash" : "T-gateway-S-gateway-exproto-S-exproto", + "fields" : [ + { + "doc" : "配置 ExProto 网关需要启动的 ConnectionAdapter 服务。\n该服务用于提供客户端的认证、发布、订阅和数据下行等功能。", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server", + "fields" : [ + { + "doc" : "服务监听地址和端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "服务 SSL 配置。", + "refs" : [ + { + "doc" : "SSL configuration for the 
server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_server_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_server_opts)" + } + ], + "text" : "exproto_grpc_server" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server", + "text" : "server", + "type" : "Struct(exproto_grpc_server)" + }, + { + "doc" : "配置 ExProto 网关需要请求的 ConnectionHandler 服务地址。\n该服务用于给 ExProto 提供客户端的 Socket 事件处理、字节解码、订阅消息接收等功能。", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC connection handler.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler", + "fields" : [ + { + "doc" : "对端 gRPC 服务器地址。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address", + "text" : "address", + "type" : "String" + }, + { + "doc" : "用于处理连接事件的服务名称\n在初始版本中,我们期望使用流来提高 ConnectionHandler 中请求的效率。\n但不幸的是,不同流之间的事件顺序混乱。\n这导致 OnSocketCreated 事件可能会\n在 OnReceivedBytes 之后到达。\n因此,自 v5.0.25 起,我们添加了 `ConnectionUnaryHandler` 服务,并强制在其中使用了 Unary,以避免顺序问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name", + "text" : "service_name", + "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))", + "default" : "ConnectionUnaryHandler" + }, + { + "doc" : "gRPC 客户端的 SSL 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "exproto_grpc_handler" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler", + "text" : "handler", + "type" : "Struct(exproto_grpc_handler)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for TCP and UDP listeners.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy 
Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy 
Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + 
"type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + 
"fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 
以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "tcp_udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners", + "text" : "listeners", + "type" : "Struct(tcp_udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "exproto" + } + ], + "hash" : "V-gateway-S-gateway-exproto", + "text" : "exproto", + "type" : "Struct(exproto)" + }, + { + "refs" : [ + { + "doc" : "The LwM2M protocol gateway.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m", + "fields" : [ + { + "doc" : "LwM2M Resource 定义的 XML 文件目录路径。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir", + "text" : "xml_dir", + "type" : "String" + }, + { + "doc" : "允许 LwM2M 客户端允许设置的心跳最小值。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min", + "text" : "lifetime_min", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "允许 LwM2M 客户端允许设置的心跳最大值。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max", + "text" : "lifetime_max", + "type" : "Duration", + "default" : "\"86400s\"" + }, + { + "doc" : "在 QMode 模式下,LwM2M 网关认为网络链接有效的时间窗口的值。\n例如,在收到客户端的更新信息后,在这个时间窗口内的任何信息都会直接发送到 LwM2M 客户端,而超过这个时间窗口的所有信息都会暂时储存在内存中。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window", + "text" : "qmode_time_window", + "type" : "Duration(s)", + "default" : "\"22s\"" + }, + { + "doc" : "自动 Observe REGISTER 数据包的 Object 列表。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe", + "text" : "auto_observe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "发布 UPDATE 事件消息的策略。
\n - always: 只要收到 UPDATE 请求,就发送更新事件。
\n - contains_object_list: 仅当 UPDATE 请求携带 Object 列表时才发送更新事件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition", + "text" : "update_msg_publish_condition", + "type" : "Enum(always,contains_object_list)", + "default" : "contains_object_list" + }, + { + "doc" : "LwM2M 网关订阅/发布消息的主题映射配置。", + "refs" : [ + { + "doc" : "MQTT topics that correspond to LwM2M events.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators", + "fields" : [ + { + "doc" : "下行命令主题。\n对于每个成功上线的新 LwM2M 客户端,网关会创建一个订阅关系来接收下行消息并将其发送给客户端", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command", + "text" : "command", + "type" : "Struct(translator)" + }, + { + "doc" : "用于网关发布来自 LwM2M 客户端的确认事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : 
"V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response", + "text" : "response", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的通知事件的主题。\n在成功 Observe 到 LwM2M 客户端的资源后,如果客户端报告任何资源状态的变化,网关将通过该主题发送通知事件", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify", + "text" : "notify", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的注册事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register", + "text" : "register", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的更新事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : 
"T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update", + "text" : "update", + "type" : "Struct(translator)" + } + ], + "text" : "lwm2m_translators" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators", + "text" : "translators", + "type" : "Struct(lwm2m_translators)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"lwm2m/${endpoint_name}/\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "lwm2m" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m", + "text" : "lwm2m", + "type" : "Struct(lwm2m)" + }, + { + "refs" : [ + { + "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn", + "fields" : [ + { + "doc" : "MQTT-SN 网关 ID。\n当 broadcast 打开时,MQTT-SN 网关会使用该 ID 来广播 ADVERTISE 消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id", + "text" : "gateway_id", + "type" : "Integer", + "default" : "1" + }, + { + "doc" : "是否周期性广播 ADVERTISE 消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast", + "text" : "broadcast", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否允许无连接的客户端发送 QoS 等于 -1 的消息。\n该功能主要用于支持轻量的 MQTT-SN 
客户端实现,它不会向网关建立连接,注册主题,也不会发起订阅;它只使用 QoS 为 -1 来发布消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3", + "text" : "enable_qos3", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在会话被重用后,网关是否主动向客户端注册对已订阅主题名称", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume", + "text" : "subs_resume", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "预定义主题列表。\n预定义的主题列表,是一组 主题 ID 和 主题名称 的映射关系。使用预先定义的主题列表,可以减少 MQTT-SN 客户端和网关对于固定主题的注册请求", + "refs" : [ + { + "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined", + "fields" : [ + { + "doc" : "主题 ID。范围:1-65535", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id", + "text" : "id", + "type" : "Integer(1..1024)" + }, + { + "doc" : "主题名称。注:不支持通配符", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic", + "text" : "topic", + "type" : "String" + } + ], + "text" : "mqttsn_predefined" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined", + "text" : "predefined", + "type" : "Array(Struct(mqttsn_predefined))", + "default" : "[]" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "mqttsn" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn", + "text" : "mqttsn", + "type" : "Struct(mqttsn)" + }, + { + "refs" : [ + { + "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp", + "fields" : [ + { + "refs" : [ + { + "doc" : "Size limits for the STOMP frames.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame", + "fields" : [ + { + "doc" : "头部的最大数量", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers", + "text" : "max_headers", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "允许的 Header 字符串的最大长度", 
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length", + "text" : "max_headers_length", + "type" : "Integer(0..+inf)", + "default" : "1024" + }, + { + "doc" : "每个 Stomp 数据包允许的 Body 的最大字节数", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length", + "text" : "max_body_length", + "type" : "Integer", + "default" : "65536" + } + ], + "text" : "stomp_frame" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame", + "text" : "frame", + "type" : "Struct(stomp_frame)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "stomp" + } + ], + "hash" : "V-gateway-S-gateway-stomp", + "text" : "stomp", + "type" : "Struct(stomp)" + } + ], + "text" : "gateway" + } + ], + "hash" : "V-gateway", + "text" : "gateway", + "type" : "Struct(gateway)" + }, + { + "refs" : [ + { + "doc" : "推荐的设置", + "hash" : "T-prometheus-S-recommend_setting", + "fields" : [ + { + "doc" : "启用或禁用 Prometheus 抓取 API 的基本认证,不适用于 Push Gateway。", + "hash" : "V-prometheus-S-recommend_setting-enable_basic_auth", + "text" : "enable_basic_auth", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "refs" : [ + { + "doc" : "Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "hash" : 
"T-prometheus-S-recommend_setting-push_gateway-S-push_gateway", + "fields" : [ + { + "doc" : "启用或禁用 Pushgateway。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Pushgateway 服务器的 URL。Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "数据推送间隔
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "推送到 Push Gateway 的 HTTP Headers 列表。
\n例如, { Authorization = \"some-authz-tokens\"}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "推送到 Push Gateway 的 Job 名称。可用变量为:
\n- ${name}: EMQX 节点的名称。\n- ${host}: EMQX 节点主机名。\n例如,当 EMQX 节点名为 emqx@127.0.0.1 则 name 变量的值为 emqx,host 变量的值为 127.0.0.1
\n默认值为: ${name}/instance/${name}~${host}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + } + ], + "text" : "push_gateway" + } + ], + "hash" : "V-prometheus-S-recommend_setting-push_gateway", + "text" : "push_gateway", + "type" : "Struct(push_gateway)" + }, + { + "doc" : "虚拟机的内部高级指标最初是禁用的\n通常只在性能测试期间启用。\n启用它们将增加 CPU 负载。", + "refs" : [ + { + "doc" : "虚拟机的内部高级指标最初是禁用的\n通常只在性能测试期间启用。\n启用它们将增加 CPU 负载。", + "hash" : "T-prometheus-S-recommend_setting-collectors-S-collectors", + "fields" : [ + { + "doc" : "开启或关闭 VM 分布采集器,收集 Erlang 分布机制中涉及的套接字和进程的信息。", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_dist", + "text" : "vm_dist", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 Mnesia 采集器, 使用 mnesia:system_info/1 收集 Mnesia 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-mnesia", + "text" : "mnesia", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 统计采集器, 使用 erlang:statistics/1 收集 Erlang VM 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_statistics", + "text" : "vm_statistics", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 系统信息采集器, 使用 erlang:system_info/1 收集 Erlang VM 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_system_info", + "text" : "vm_system_info", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 内存采集器, 使用 erlang:memory/0 收集 Erlang 虚拟机动态分配的内存信息,同时提供基本的 (D)ETS 统计信息", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_memory", + "text" : "vm_memory", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM msacc 采集器, 使用 erlang:statistics(microstate_accounting) 收集微状态计数指标", + "hash" : 
"V-prometheus-S-recommend_setting-collectors-S-collectors-vm_msacc", + "text" : "vm_msacc", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "collectors" + } + ], + "hash" : "V-prometheus-S-recommend_setting-collectors", + "text" : "collectors", + "type" : "Struct(collectors)" + } + ], + "text" : "recommend_setting" + }, + { + "doc" : "自5.4.0版本起弃用。", + "hash" : "T-prometheus-S-legacy_deprecated_setting", + "fields" : [ + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.url`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-push_gateway_server", + "text" : "push_gateway_server", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.interval`。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.headers`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.job_name`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.url`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_dist`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_dist_collector", + "text" : "vm_dist_collector", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.mnesia`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-mnesia_collector", + "text" : "mnesia_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_statistics`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_statistics_collector", + "text" : "vm_statistics_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_system_info`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_system_info_collector", + "text" : "vm_system_info_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 
`prometheus.collectors.vm_memory`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_memory_collector", + "text" : "vm_memory_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_msacc`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_msacc_collector", + "text" : "vm_msacc_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "legacy_deprecated_setting" + } + ], + "hash" : "V-prometheus", + "text" : "prometheus", + "type" : "OneOf(Struct(recommend_setting),Struct(legacy_deprecated_setting))", + "default" : "{}" + }, + { + "refs" : [ + { + "doc" : "External hook (exhook) configuration.", + "hash" : "T-exhook-S-exhook", + "fields" : [ + { + "doc" : "ExHook 服务器列表", + "refs" : [ + { + "doc" : "gRPC server configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server", + "fields" : [ + { + "doc" : "ExHook 服务器名称", + "hash" : "V-exhook-S-exhook-servers-S-server-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "gRPC 服务器地址", + "hash" : "V-exhook-S-exhook-servers-S-server-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "gRPC 服务器请求超时
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-exhook-S-exhook-servers-S-server-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "当 gRPC 请求失败后的操作", + "hash" : "V-exhook-S-exhook-servers-S-server-failed_action", + "text" : "failed_action", + "type" : "Enum(deny,ignore)", + "default" : "deny" + }, + { + "refs" : [ + { + "doc" : "SSL client configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_conf" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-ssl", + "text" : "ssl", + "type" : "Struct(ssl_conf)" + }, + { + "refs" : [ + { + "doc" : "连接套接字设置", + "hash" : "T-exhook-S-exhook-servers-S-server-socket_options-S-socket_options", + "fields" : [ + { + "doc" : "当没有其他数据交换时,是否向连接的对端套接字定期的发送探测包。如果另一端没有响应,则认为连接断开,并向控制进程发送错误消息。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-keepalive", + "text" : "keepalive", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "如果为 true,则为套接字设置 TCP_NODELAY 选项,这意味着会立即发送数据包", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "套接字的最小接收缓冲区大小
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "套接字的最小发送缓冲区大小
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + } + ], + "text" : "socket_options" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options", + "text" : "socket_options", + "type" : "Struct(socket_options)", + "default" : "{keepalive = true, nodelay = true}" + }, + { + "doc" : "自动重连到 gRPC 服务器的设置。\n当 gRPC 服务器不可用时,Exhook 将会按照这里设置的间隔时间进行重连,并重新初始化注册的钩子", + "hash" : "V-exhook-S-exhook-servers-S-server-auto_reconnect", + "text" : "auto_reconnect", + "type" : "OneOf(String(\"false\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "gRPC 客户端进程池大小", + "hash" : "V-exhook-S-exhook-servers-S-server-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + } + ], + "text" : "server" + } + ], + "hash" : "V-exhook-S-exhook-servers", + "text" : "servers", + "type" : "Array(Struct(server))", + "default" : "[]" + } + ], + "text" : "exhook" + } + ], + "hash" : "V-exhook", + "text" : "exhook", + "type" : "Struct(exhook)" + }, + { + "refs" : [ + { + "doc" : "此配置用于启用 TLS-PSK 身份验证。\n\nPSK 是 “Pre-Shared-Keys” 的缩写。\n\n注意: 确保 SSL 监听器仅启用了 'tlsv1.2',并且配置了 PSK 密码套件,例如 'RSA-PSK-AES256-GCM-SHA384'。\n\n可以通过查看监听器中的 SSL 选项,了解更多详细信息。\n\n可以通过配置 'init_file' 来设置初始化的 ID 和 密钥", + "hash" : "T-psk_authentication-S-psk_authentication", + "fields" : [ + { + "doc" : "是否开启 TLS PSK 支持", + "hash" : "V-psk_authentication-S-psk_authentication-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置了初始化文件,EMQX 将在启动时从初始化文件中导入 PSK 信息到内建数据库中。\n这个文件需要按行进行组织,每一行必须遵守如下格式: PSKIdentity:SharedSecret\n例如: mydevice1:c2VjcmV0", + "hash" : "V-psk_authentication-S-psk_authentication-init_file", + "text" : "init_file", + "type" : "String" + }, + { + "doc" : "PSK 文件中 PSKIdentitySharedSecret 之间的分隔符", + "hash" : "V-psk_authentication-S-psk_authentication-separator", + "text" : 
"separator", + "type" : "String", + "default" : "\":\"" + }, + { + "doc" : "将 PSK 文件导入到内建数据时每个块的大小", + "hash" : "V-psk_authentication-S-psk_authentication-chunk_size", + "text" : "chunk_size", + "type" : "Integer", + "default" : "50" + } + ], + "text" : "psk_authentication" + } + ], + "hash" : "V-psk_authentication", + "text" : "psk_authentication", + "type" : "Struct(psk_authentication)" + }, + { + "refs" : [ + { + "doc" : "Configuration for `slow_subs` feature.", + "hash" : "T-slow_subs-S-slow_subs", + "fields" : [ + { + "doc" : "开启慢订阅", + "hash" : "V-slow_subs-S-slow_subs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "慢订阅统计的阈值
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-slow_subs-S-slow_subs-threshold", + "text" : "threshold", + "type" : "Duration", + "default" : "\"500ms\"" + }, + { + "doc" : "慢订阅记录的有效时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-slow_subs-S-slow_subs-expire_interval", + "text" : "expire_interval", + "type" : "Duration", + "default" : "\"300s\"" + }, + { + "doc" : "慢订阅统计表的记录数量上限", + "hash" : "V-slow_subs-S-slow_subs-top_k_num", + "text" : "top_k_num", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "慢订阅的统计类型", + "hash" : "V-slow_subs-S-slow_subs-stats_type", + "text" : "stats_type", + "type" : "Enum(whole,internal,response)", + "default" : "whole" + } + ], + "text" : "slow_subs" + } + ], + "hash" : "V-slow_subs", + "text" : "slow_subs", + "type" : "Struct(slow_subs)" + }, + { + "refs" : [ + { + "doc" : "Open Telemetry 工具包配置", + "hash" : "T-opentelemetry-S-opentelemetry", + "fields" : [ + { + "doc" : "Open Telemetry 指标配置。", + "refs" : [ + { + "doc" : "Open Telemetry 指标配置。", + "hash" : "T-opentelemetry-S-opentelemetry-metrics-S-otel_metrics", + "fields" : [ + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-interval", + "aliases" : [ + "scheduled_delay" + ], + "text" : "interval", + "type" : "Duration", + "default" : "\"10s\"" + } + ], + "text" : "otel_metrics" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-metrics", + "text" : "metrics", + "type" : "Struct(otel_metrics)" + }, + { + "doc" : "Open Telemetry 日志配置。如果启用,EMQX 将安装一个日志处理器,根据 Open Telemetry 日志数据模型格式化事件,并将它们导出到配置的 Open Telemetry 收集器或后端。", + "refs" : [ + { + "doc" : "Open Telemetry 日志配置。如果启用,EMQX 将安装一个日志处理器,根据 Open Telemetry 日志数据模型格式化事件,并将它们导出到配置的 Open Telemetry 收集器或后端。", + "hash" : "T-opentelemetry-S-opentelemetry-logs-S-otel_logs", + "fields" : [ + { + "doc" : "Open Telemetry 日志处理器的日志级别。", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"1s\"" + } + ], + "text" : "otel_logs" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-logs", + "text" : "logs", + "type" : "Struct(otel_logs)" + }, + { + "doc" : "Open Telemetry 追踪配置。", + "refs" : [ + { + "doc" : "Open Telemetry 追踪配置。", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces", + "fields" : [ + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Open Telemetry 追踪过滤器配置", + "refs" : [ + { + "doc" : "Open Telemetry 追踪过滤器配置", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter", + "fields" : [ + { + "doc" : "如果启用,将追踪所有发布的消息,如果无法从消息中提取追踪 ID,则生成新的追踪 ID。\n否则,只追踪带有追踪上下文的消息。默认禁用。", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_all", + "text" : "trace_all", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "trace_filter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter", + "text" : "filter", + "type" : "Struct(trace_filter)" + } + ], + "text" : "otel_traces" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces", + "text" : "traces", + "type" : "Struct(otel_traces)" + }, + { + "doc" : "Open Telemetry 导出器", + "refs" : [ + { + "doc" : "Open Telemetry 导出器", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter", + "fields" : [ + { + "doc" : "导出器将要发送 Open Telemetry 信号数据的目标 URL。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-endpoint", + "text" : "endpoint", + "type" : "String", + "default" : "\"http://localhost:4317\"" + }, + { + "doc" : "Open Telemetry 导出器的 SSL 配置", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "otel_exporter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter", + "text" : "exporter", + "type" : "Struct(otel_exporter)" + } + ], + "text" : "opentelemetry" + } + ], + "hash" : "V-opentelemetry", + "text" : "opentelemetry", + "type" : "Struct(opentelemetry)" + }, + { + "refs" : [ + { + "doc" : "API 密钥, 可用于请求除管理 API 密钥及 Dashboard 用户管理 API 的其它接口", + "hash" : "T-api_key-S-api_key", + "fields" : [ + { + "doc" : "用于在启动 EMQX 时,添加 API 密钥,其格式为 {appid}:{secret},多个密钥用换行分隔。:\n ```\n 7e729ae70d23144b:2QILI9AcQ9BYlVqLDHQNWN2saIjBV4egr1CZneTNKr9CpK\n ec3907f865805db0:Ee3taYltUKtoBVD9C3XjQl9C6NXheip8Z9B69BpUv5JxVHL\n ```", + "hash" : "V-api_key-S-api_key-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "api_key" + } + ], + "hash" : "V-api_key", + "text" : "api_key", + "type" : "Struct(api_key)" + } + ], + "text" : "root" +} \ No newline at end of file diff --git a/hocon/hocon-ee-v5.8.2-en.json b/hocon/hocon-ee-v5.8.2-en.json new file mode 100644 index 000000000..55246214f --- /dev/null +++ b/hocon/hocon-ee-v5.8.2-en.json 
@@ -0,0 +1,34589 @@ +{ + "doc" : "", + "hash" : "T-root", + "fields" : [ + { + "refs" : [ + { + "doc" : "MQTT listeners identified by their protocol type and assigned names", + "hash" : "T-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over TCP listener.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "1883" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + } + ], + "text" : "mqtt_tcp_listener" + } + ], + "hash" : "V-listeners-S-listeners-tcp", + "text" : "tcp", + "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "SSL listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over SSL listener.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8883" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "mqtt_ssl_listener" + } + ], + "hash" : "V-listeners-S-listeners-ssl", + "text" : "ssl", + "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTP websocket listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket listener.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8083" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + 
"doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : 
"Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_ws_listener" + } + ], + "hash" : "V-listeners-S-listeners-ws", + "text" : "ws", + "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTPS websocket listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket/SSL listener.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener", + "fields" : [ + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8084" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. 
The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, 
+ { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[\"allow all\"]" + }, + { + "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options", + "text" : "tcp_options", + "type" : 
"Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. 
By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, 
+ { + "doc" : "Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_wss_listener" + } + ], + "hash" : "V-listeners-S-listeners-wss", + "text" : "wss", + "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "QUIC listeners.", + "refs" : [ + { + "doc" : "Settings for the MQTT over QUIC listener.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener", + "fields" : [ + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\nNOTE: QUIC listener supports only 'tlsv1.3' ciphers", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]" + }, + { + "doc" : "TLS options for QUIC transport", + "refs" : [ + { + "doc" : "TLS options for QUIC transport.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "listener_quic_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_quic_ssl_opts)" + }, + { + "doc" : "IP address and port for the listening socket.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "14567" + }, + { + "doc" : "The size of the listener's receiving pool.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. 
The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.
\nSet to `\"\"` to disable the feature.
\n\nVariables in mountpoint string:\n - ${clientid}: clientid\n - ${username}: username", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. 
This is useful to fence off\nanonymous clients early.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "Used to limit the rate at which the current listener accepts connections.\n\nOnce the limit is reached, EMQX will pause fetching connections from the Accept queue, thereby delaying or rejecting new connections.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "Used to limit the number of messages a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be delayed.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be delayed.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "Used to limit the number of bytes a single client can send to EMQX per second.\n\nOnce the limit is reached, EMQX will pause reading data from the receive-buffer, thus slowing down or even temporarily hanging the sender.\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be delayed.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be delayed.", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate", + "text" : "bytes_rate", + "type" : 
"String" + } + ], + "text" : "mqtt_quic_listener" + } + ], + "hash" : "V-listeners-S-listeners-quic", + "text" : "quic", + "type" : "Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "Global MQTT configuration.\nThe configs here work as default values which can be overridden in zone configs", + "refs" : [ + { + "doc" : "Global MQTT configuration.", + "hash" : "T-mqtt-S-mqtt", + "fields" : [ + { + "doc" : "Configure the duration of time that a connection can remain idle (i.e., without any data transfer) before being:\n - Automatically disconnected if no CONNECT package is received from the client yet.\n - Put into hibernation mode to save resources if some CONNECT packages are already received.\nNote: Please set the parameter with caution as long idle time will lead to resource waste.", + "hash" : "V-mqtt-S-mqtt-idle_timeout", + "text" : "idle_timeout", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "\"15s\"" + }, + { + "doc" : "Maximum MQTT packet size allowed. Default: 1 MB, Maximum: 256 MB
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-mqtt-S-mqtt-max_packet_size", + "text" : "max_packet_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Maximum allowed length of MQTT Client ID.", + "hash" : "V-mqtt-S-mqtt-max_clientid_len", + "text" : "max_clientid_len", + "type" : "Integer(23..65535)", + "default" : "65535" + }, + { + "doc" : "Maximum topic levels allowed.", + "hash" : "V-mqtt-S-mqtt-max_topic_levels", + "text" : "max_topic_levels", + "type" : "Integer(1..65535)", + "default" : "128" + }, + { + "doc" : "Maximum topic alias, 0 means no topic alias supported.", + "hash" : "V-mqtt-S-mqtt-max_topic_alias", + "text" : "max_topic_alias", + "type" : "Integer(0..65535)", + "default" : "65535" + }, + { + "doc" : "Whether to enable support for MQTT retained message.", + "hash" : "V-mqtt-S-mqtt-retain_available", + "text" : "retain_available", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to enable support for MQTT wildcard subscription.", + "hash" : "V-mqtt-S-mqtt-wildcard_subscription", + "text" : "wildcard_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to enable support for MQTT shared subscription.", + "hash" : "V-mqtt-S-mqtt-shared_subscription", + "text" : "shared_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Dispatch strategy for shared subscription.\n - `random`: Randomly select a subscriber for dispatch;\n - `round_robin`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each publisher, so two adjacent messages from **different publishers** may be consumed by the same client in the subscription group;\n - `round_robin_per_group`: Clients in a shared subscription group will consume messages in turn, and 
the progress of the loop is recorded independently in each node, so two adjacent messages from **different nodes** may be consumed by the same client in the subscription group;\n - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n - `sticky`: Continuously dispatch messages to the initially selected subscriber until their session ends. The initial selection is made based on `mqtt_shared_subscription_initial_sticky_pick`;\n - `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n - `hash_topic`: Hash the publishing topic to select a subscriber.", + "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy", + "text" : "shared_subscription_strategy", + "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)", + "default" : "round_robin" + }, + { + "doc" : "The strategy to use for the initial subscriber pick when shared_subscription_strategy is `sticky`.\n - `random`: Randomly select the subscriber;\n - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n - `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n - `hash_topic`: Hash the publishing topic to select a subscriber.", + "hash" : "V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick", + "text" : "shared_subscription_initial_sticky_pick", + "type" : "Enum(random,local,hash_topic,hash_clientid)", + "default" : "random" + }, + { + "doc" : "Whether to enable support for MQTT exclusive subscription.", + "hash" : "V-mqtt-S-mqtt-exclusive_subscription", + "text" : "exclusive_subscription", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Whether the messages sent by the MQTT v3.1.1/v3.1.0 client will be looped back to the publisher itself, similar to No Local in MQTT 5.0.", + "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver", + "text" : 
"ignore_loop_deliver", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Whether to parse MQTT messages in strict mode.\nIn strict mode, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected.", + "hash" : "V-mqtt-S-mqtt-strict_mode", + "text" : "strict_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "UTF-8 string, for creating the response topic, for example, if set to reqrsp/, the publisher/subscriber will communicate using the topic prefix reqrsp/.\nTo disable this feature, input \"\" in the text box below. Only applicable to MQTT 5.0 clients.", + "hash" : "V-mqtt-S-mqtt-response_information", + "text" : "response_information", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The keep alive duration required by EMQX. To use the setting from the client side, choose disabled from the drop-down list. Only applicable to MQTT 5.0 clients.", + "hash" : "V-mqtt-S-mqtt-server_keepalive", + "text" : "server_keepalive", + "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))", + "default" : "disabled" + }, + { + "doc" : "Keep-Alive Timeout = Keep-Alive interval × Keep-Alive Multiplier.\nThe default value 1.5 is following the MQTT 5.0 specification. This multiplier is adjustable, providing system administrators flexibility for tailoring to their specific needs. 
For instance, if a client's 10-second Keep-Alive interval PINGREQ gets delayed by an extra 10 seconds, changing the multiplier to 2 lets EMQX tolerate this delay.", + "hash" : "V-mqtt-S-mqtt-keepalive_multiplier", + "text" : "keepalive_multiplier", + "type" : "Number", + "default" : "1.5" + }, + { + "doc" : "The frequency of checking for incoming MQTT packets determines how often the server will check for new MQTT packets.\nIf a certain amount of time passes without any packets being sent from the client, this time will be added up.\nOnce the accumulated time exceeds `keepalive-interval * keepalive-multiplier`, the connection will be terminated.\nThe default is set to 30 seconds, with a minimum value of 1 second and a maximum value of `keepalive-interval / 2`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-keepalive_check_interval", + "text" : "keepalive_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "Retry interval for QoS 1/2 message delivering.", + "hash" : "V-mqtt-S-mqtt-retry_interval", + "text" : "retry_interval", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "Whether to use Username as Client ID.\nThis setting takes effect later than `peer_cert_as_username` and `peer_cert_as_clientid`.", + "hash" : "V-mqtt-S-mqtt-use_username_as_clientid", + "text" : "use_username_as_clientid", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: Content of the DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Username\n- md5: MD5 value of the DER or PEM certificate", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_username", + "text" : "peer_cert_as_username", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. 
Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Client ID\n- md5: MD5 value of the DER or PEM certificate", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid", + "text" : "peer_cert_as_clientid", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a placeholder in a template for authentication and authorization.\nFor example, use `${client_attrs.alias}` to render an HTTP POST body when `set_as_attr = alias`,\nor render listener config `moutpoint = devices/${client_attrs.alias}/` to initialize a per-client topic namespace.", + "refs" : [ + { + "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a placeholder in a template for authentication and authorization.\nFor example, use `${client_attrs.alias}` to render an HTTP POST body when `set_as_attr = alias`,\nor render listener config `moutpoint = devices/${client_attrs.alias}/` to initialize a per-client topic namespace.", + "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init", + "fields" : [ + { + "doc" : "A one line expression to evaluate a set of predefined string functions (like in the rule engine SQL statements).\nThe expression can be a function call with nested calls 
as its arguments, or direct variable reference.\nSo far, it does not provide user-defined variable binding (like `var a=1`) or user-defined functions.\nAs an example, to extract the prefix of client ID delimited by a dot: `nth(1, tokens(clientid, '.'))`.\n\nThe variables pre-bound variables are:\n- `cn`: Client's TLS certificate common name.\n- `dn`: Client's TLS certificate distinguished name (the subject).\n- `clientid`: MQTT Client ID.\n- `username`: MQTT Client's username.\n- `user_property.{NAME}`: User properties in the CONNECT packet.\n\nYou can read more about variform expressions in EMQX docs.", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression", + "text" : "expression", + "type" : "String" + }, + { + "doc" : "The name of the client attribute extracted from the client data.\nThe extracted attribute will be stored in the `client_attrs` property with this name.", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr", + "text" : "set_as_attr", + "type" : "String" + } + ], + "text" : "client_attrs_init" + } + ], + "hash" : "V-mqtt-S-mqtt-client_attrs_init", + "text" : "client_attrs_init", + "type" : "Array(Struct(client_attrs_init))", + "default" : "[]" + }, + { + "doc" : "Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-session_expiry_interval", + "text" : "session_expiry_interval", + "type" : "Duration", + "default" : "\"2h\"" + }, + { + "doc" : "The expiry interval of MQTT messages. For MQTT 5.0 clients, this configuration will only take effect when the `Message-Expiry-Interval` property is not set in the message; otherwise, the value of the `Message-Expiry-Interval` property will be used. For MQTT versions older than 5.0, this configuration will always take effect. Please note that setting `message_expiry_interval` greater than `session_expiry_interval` is meaningless, as all messages will be cleared when the session expires.", + "hash" : "V-mqtt-S-mqtt-message_expiry_interval", + "text" : "message_expiry_interval", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out.", + "hash" : "V-mqtt-S-mqtt-max_awaiting_rel", + "text" : "max_awaiting_rel", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "100" + }, + { + "doc" : "Maximum QoS allowed.", + "hash" : "V-mqtt-S-mqtt-max_qos_allowed", + "text" : "max_qos_allowed", + "type" : "Integer(0..2)", + "default" : "2" + }, + { + "doc" : "Topic priority list. Prioritize messages in the message queue by topic. 
The priority range is `[1, 255]`.\n\nThe larger the value, the higher the priority. Messages with higher priority will be sent first.\n\nTopics not in this list will use the default priority (specified by `mqueue_default_priority`).\n\nBy default, this list is empty, which means all topics have the same priority.\n\nNote: commas and equal signs are not supported in topic names.\n\nFor example, if you want `topic/1` to have a higher priority than `topic/2`, you can configure it like this:\n\n`mqueue_priorities: {\\\"topic/1\\\": 10, \\\"topic/2\\\": 8}`", + "hash" : "V-mqtt-S-mqtt-mqueue_priorities", + "text" : "mqueue_priorities", + "type" : "OneOf(String(\"disabled\"),Map)", + "default" : "disabled" + }, + { + "doc" : "Default topic priority, which will be used by topics not in Topic Priorities (mqueue_priorities).", + "hash" : "V-mqtt-S-mqtt-mqueue_default_priority", + "text" : "mqueue_default_priority", + "type" : "Enum(highest,lowest)", + "default" : "lowest" + }, + { + "doc" : "Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains.", + "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0", + "text" : "mqueue_store_qos0", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum queue length. 
Enqueued messages when persistent client disconnected, or inflight window is full.", + "hash" : "V-mqtt-S-mqtt-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "1000" + }, + { + "doc" : "Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment.", + "hash" : "V-mqtt-S-mqtt-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..65535)", + "default" : "32" + }, + { + "doc" : "Maximum number of subscriptions allowed per client.", + "hash" : "V-mqtt-S-mqtt-max_subscriptions", + "text" : "max_subscriptions", + "type" : "OneOf(Integer(1..inf),String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "Force upgrade of QoS level according to subscription.", + "hash" : "V-mqtt-S-mqtt-upgrade_qos", + "text" : "upgrade_qos", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-mqtt-S-mqtt-await_rel_timeout", + "text" : "await_rel_timeout", + "type" : "Duration", + "default" : "\"300s\"" + } + ], + "text" : "mqtt" + } + ], + "hash" : "V-mqtt", + "text" : "mqtt", + "type" : "Struct(mqtt)" + }, + { + "doc" : "Default authentication configs for all MQTT listeners.\n\nFor per-listener overrides see authentication in listener configs\n\nThis option can be configured with:\n
    \n
  • []: The default value, it allows *ALL* logins
  • \n
  • one: For example {enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
  • \n
  • chain: An array of structs.
  • \n
\n\nWhen a chain is configured, the login credentials are checked against the backends per the configured order, until an 'allow' or 'deny' decision can be made.\n\nIf there is no decision after a full chain exhaustion, the login is rejected.", + "refs" : [ + { + "doc" : "Configuration of authenticator using built-in database as data source.", + "hash" : "T-authentication-S-builtin_db", + "fields" : [ + { + "doc" : "Options for password hash creation and verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm (for DB backends with write capability).", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + }, + { + "doc" : "Work factor for BCRYPT password generation.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds", + "text" : "salt_rounds", + "type" : "Integer(5..10)", + "default" : "10" + } + ], + "text" : "bcrypt_rw" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-builtin_db-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-builtin_db-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Specify whether to use `clientid` or `username` for authentication.", + "hash" : "V-authentication-S-builtin_db-user_id_type", + "text" : "user_id_type", + "type" : "Enum(clientid,username)", + "default" : "username" + }, + { + "doc" : "The bootstrap file imports users into the built-in database.\nIt will not import a user ID that already exists in the database.\nThe file content format is determined by `bootstrap_type`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + 
"default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\"" + }, + { + "doc" : "Specify which type of content the bootstrap file has.\n\n- **`plain`**:\n - Expected data fields: `user_id`, `password`, `is_superuser`\n - `user_id`: Can be Client ID or username, depending on built-in database authentication's `user_id_type` config.\n - `password`: User's plaintext password.\n - `is_superuser`: Boolean, user's administrative status.\n\n- **`hash`**:\n - Expected data fields: `user_id`,`password_hash`,`salt`,`is_superuser`\n - Definitions similar to `plain` type, with `password_hash` and `salt` added for security.\n\nThe content can be either in CSV, or JSON format.\n\nHere is a CSV example: `user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nAnd JSON content should be decoded into an array of objects, for example: `[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\nThe hash string for `password_hash` depends on how `password_hash_algorithm` is configured for the built-in database authentication mechanism. For example, if it's configured as `password_hash_algorithm {name = sha256, salt_position = suffix}`, then the salt is appended to the password before hashed. 
Here is the equivalent Python expression: `hashlib.sha256(password + salt).hexdigest()`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_type", + "text" : "bootstrap_type", + "type" : "Enum(hash,plain)", + "default" : "plain" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "Configuration of authenticator using MySQL as authentication data source.", + "hash" : "T-authentication-S-mysql", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mysql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mysql-backend", + "text" : "backend", + "type" : "String(\"mysql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mysql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "SQL used to query data for authentication, such as password hash.", + "hash" : "V-authentication-S-mysql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "Timeout for the SQL query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mysql-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mysql" + }, + { + "doc" : "Configuration of authenticator using PostgreSQL as authentication data source.", + "hash" : "T-authentication-S-postgresql", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-postgresql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-postgresql-backend", + "text" : "backend", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-postgresql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "SQL used to query data for authentication, such as password hash.", + "hash" : "V-authentication-S-postgresql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-authentication-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "postgresql" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Standalone) as authentication data source.", + "hash" : "T-authentication-S-mongo_single", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_single-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_single-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_single-salt_field", + "text" : "salt_field", + "type" : 
"String", + "default" : "salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_single-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.", + "hash" : "V-authentication-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Replica Set) as authentication data source.", + "hash" : "T-authentication-S-mongo_rs", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_rs-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_rs-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_rs-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_rs-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : 
"salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_rs-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.", + "hash" : "V-authentication-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Read mode.", + "hash" : "V-authentication-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "Name of the replica set.", + "hash" : "V-authentication-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source.", + "hash" : "T-authentication-S-mongo_sharded", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-mongo_sharded-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-mongo_sharded-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "Collection used to store authentication data.", + "hash" : "V-authentication-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authentication-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Document field that contains password hash.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "Document field that contains the password salt.", + "hash" : "V-authentication-S-mongo_sharded-salt_field", + "text" : "salt_field", + "type" 
: "String", + "default" : "salt" + }, + { + "doc" : "Document field that defines if the user has superuser privileges.", + "hash" : "V-authentication-S-mongo_sharded-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.", + "hash" : "V-authentication-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authentication-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authentication-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authentication-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authentication-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authentication-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "Configuration of authenticator using Redis (Standalone) as authentication data source.", + "hash" : "T-authentication-S-redis_single", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_single-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + 
"type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.", + "hash" : "V-authentication-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authentication-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_single" + }, + { + "doc" : "Configuration of authenticator using Redis (Cluster) as authentication data source.", + "hash" : "T-authentication-S-redis_cluster", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_cluster-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_cluster-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + 
"type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.", + "hash" : "V-authentication-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "Configuration of authenticator using Redis (Sentinel) as authentication data source.", + "hash" : "T-authentication-S-redis_sentinel", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-redis_sentinel-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-redis_sentinel-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.", + "hash" : "V-authentication-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name", + "text" : 
"name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "A Node list for Cluster to connect to. 
The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.", + "hash" : "V-authentication-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "The cluster name in Redis sentinel mode.", + "hash" : "V-authentication-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authentication-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using GET request).", + "hash" : "T-authentication-S-http_get", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "List of HTTP headers (without content-type).", + "hash" : "V-authentication-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-http_get-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-http_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-http_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "http_get" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using POST request).", + "hash" : "T-authentication-S-http_post", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "List of HTTP Headers.", + "hash" : "V-authentication-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-http_post-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" 
: "Backend type.", + "hash" : "V-authentication-S-http_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-http_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "http_post" + }, + { + "doc" : "Configuration when the JWT for authentication is issued using the HMAC algorithm.", + "hash" : "T-authentication-S-jwt_hmac", + "fields" : [ + { + "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).", + "hash" : "V-authentication-S-jwt_hmac-algorithm", + "text" : "algorithm", + "type" : "Enum(hmac-based)" + }, + { + "doc" : "The key to verify the JWT using HMAC algorithm.", + "hash" : "V-authentication-S-jwt_hmac-secret", + "text" : "secret", + "type" : "String" + }, + { + "doc" : "Whether secret is base64 encoded.", + "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded", + "text" : "secret_base64_encoded", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Authentication mechanism.", + "hash" : 
"V-authentication-S-jwt_hmac-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_hmac-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. 
The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_hmac-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_hmac-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_hmac" + }, + { + "doc" : "Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm.", + "hash" : "T-authentication-S-jwt_public_key", + "fields" : [ + { + "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).", + "hash" : "V-authentication-S-jwt_public_key-algorithm", + "text" : "algorithm", + "type" : "Enum(public-key)" + }, + { + "doc" : "The public key used to verify the JWT.", + "hash" : "V-authentication-S-jwt_public_key-public_key", + "text" : "public_key", + "type" : "String" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-jwt_public_key-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for 
accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_public_key-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. 
The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_public_key-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_public_key-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_public_key" + }, + { + "doc" : "Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint.", + "hash" : "T-authentication-S-jwt_jwks", + "fields" : [ + { + "doc" : "Whether to use JWKS.", + "hash" : "V-authentication-S-jwt_jwks-use_jwks", + "text" : "use_jwks", + "type" : "Enum(true)" + }, + { + "doc" : "JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format.", + "hash" : "V-authentication-S-jwt_jwks-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "List of HTTP headers to send with the JWKS request.", + "hash" : "V-authentication-S-jwt_jwks-headers", + "text" : "headers", + "type" : "Map", + "default" : "{Accept = \"application/json\"}" + }, + { + "doc" : "Size of 
the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-jwt_jwks-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "JWKS refresh interval.", + "hash" : "V-authentication-S-jwt_jwks-refresh_interval", + "text" : "refresh_interval", + "type" : "Integer", + "default" : "300" + }, + { + "doc" : "SSL options.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-jwt_jwks-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-jwt_jwks-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT 
topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.", + "hash" : "V-authentication-S-jwt_jwks-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "A list of custom claims to validate. The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.", + "hash" : "V-authentication-S-jwt_jwks-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Disconnect the client after the token expires.", + "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Field to take JWT from.", + "hash" : "V-authentication-S-jwt_jwks-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_jwks" + }, + { + "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication.", + "hash" : "T-authentication-S-scram", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-scram-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "Backend type.", + "hash" : 
"V-authentication-S-scram-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + } + ], + "text" : "scram" + }, + { + "doc" : "Configuration of authenticator using LDAP as authentication data source.", + "hash" : "T-authentication-S-ldap", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-ldap-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-ldap-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authentication-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authentication-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authentication-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "Authentication method.", + "refs" : [ + { + "doc" : "Authenticate by comparing the hashed password which was provided by the `password attribute`.", + "hash" : "T-authentication-S-ldap-method-S-hash_method", + "fields" : [ + { + "doc" : "Authentication method type.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-type", + "text" : "type", + "type" : "Enum(hash)", + "default" : "hash" + }, + { + "doc" : "Indicates which attribute is used to represent the user's password.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "Indicates which attribute is used to represent whether the user is a superuser.", + "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "hash_method" + }, + { + "doc" : "Authenticate by the LDAP bind operation.", + "hash" : "T-authentication-S-ldap-method-S-bind_method", + "fields" : [ + { + "doc" : "Authentication method type.", + "hash" : "V-authentication-S-ldap-method-S-bind_method-type", + "text" : "type", + "type" : "Enum(bind)", + "default" : "bind" + }, + { + "doc" : "The template for password to bind.", + "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password", + "text" : "bind_password", + "type" : "String", + "default" : "\"${password}\"" + } + ], + "text" : "bind_method" + } + ], + "hash" : 
"V-authentication-S-ldap-method", + "text" : "method", + "type" : "OneOf(Struct(hash_method),Struct(bind_method))" + } + ], + "text" : "ldap" + }, + { + "doc" : "This is a deprecated form, and you should avoid using it.", + "hash" : "T-authentication-S-ldap_deprecated", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-ldap_deprecated-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-ldap_deprecated-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authentication-S-ldap_deprecated-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authentication-S-ldap_deprecated-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authentication-S-ldap_deprecated-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap_deprecated-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authentication-S-ldap_deprecated-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authentication-S-ldap_deprecated-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authentication-S-ldap_deprecated-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap_deprecated-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "Indicates which attribute is used to represent the user's password.", + "hash" : "V-authentication-S-ldap_deprecated-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "Indicates which attribute is used to represent whether the user is a superuser.", + "hash" : "V-authentication-S-ldap_deprecated-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "ldap_deprecated" + }, + { + "doc" : "Configuration of authenticator using GCP Device as authentication data source.", + "hash" : "T-authentication-S-gcp_device", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-gcp_device-mechanism", + "text" : "mechanism", + "type" : "String(\"gcp_device\")" + } + ], + "text" : "gcp_device" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using GET request).", + "hash" : "T-authentication-S-scram_restapi_get", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-scram_restapi_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "List of HTTP headers (without content-type).", + "hash" : "V-authentication-S-scram_restapi_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, 
max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-scram_restapi_get-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-scram_restapi_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram_restapi_get-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram_restapi_get-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-scram_restapi_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-scram_restapi_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-scram_restapi_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-scram_restapi_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-scram_restapi_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-scram_restapi_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-scram_restapi_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-scram_restapi_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "scram_restapi_get" + }, + { + "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using POST request).", + "hash" : "T-authentication-S-scram_restapi_post", + "fields" : [ + { + "doc" : "HTTP request method.", + "hash" : "V-authentication-S-scram_restapi_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "List of HTTP Headers.", + "hash" : "V-authentication-S-scram_restapi_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-scram_restapi_post-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-scram_restapi_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram_restapi_post-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram_restapi_post-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + }, + { + "doc" : "URL of the HTTP server.", + "hash" : "V-authentication-S-scram_restapi_post-url", 
+ "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authentication-S-scram_restapi_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-scram_restapi_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authentication-S-scram_restapi_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authentication-S-scram_restapi_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-scram_restapi_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-scram_restapi_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-scram_restapi_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "scram_restapi_post" + }, + { + "doc" : "Settings for Kerberos authentication.", + "hash" : "T-authentication-S-kerberos", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-kerberos-mechanism", + "text" : "mechanism", + "type" : "String(\"gssapi\")" + }, + { + "doc" : "Backend type.", + "hash" : "V-authentication-S-kerberos-backend", + "text" : "backend", + "type" : "String(\"kerberos\")" + }, + { + "doc" : "Server Kerberos principal.\nFor example mqtt/emqx-cluster-1.example.com@MY_REALM.EXAMPLE.COM.\nNOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.", + "hash" : "V-authentication-S-kerberos-principal", + "text" : "principal", + "type" : "String" + } + ], + "text" : "kerberos" + }, + { + "doc" : "Authenticate clients based on the client information such as username, client ID,\nclient attributes, and data extracted from TLS certificate.", + "hash" : "T-authentication-S-cinfo", + "fields" : [ + { + "doc" : "Authentication mechanism.", + "hash" : "V-authentication-S-cinfo-mechanism", + "text" : "mechanism", + "type" : "String(\"cinfo\")" + }, + { + "doc" : "A list of checks to perform on the client information.\nIf all checks are skipped, the default result `ignore` is returned.\nThe `ignore` result means to defer the authentication to the next authenticator in the chain.", + "refs" : [ + { + "doc" : "A check to perform on the client information.\nIt defines a match-condition and 
a result to return if the condition is `true`.\nIf all checks are skipped, the default result `ignore` is returned.", + "hash" : "T-authentication-S-cinfo-checks-S-cinfo_check", + "fields" : [ + { + "doc" : "One Variform expression or an array of expressions to evaluate with a set of pre-bound variables derived from the client information.\nSupported variables:\n- `username`: the username of the client.\n- `password`: the password of the client.\n- `clientid`: the client ID of the client.\n- `client_attrs.*`: the client attributes of the client.\n- `peerhost`: the IP address of the client.\n- `cert_subject`: the subject of the TLS certificate.\n- `cert_common_name`: the issuer of the TLS certificate.\n- `zone`: the config zone associated with the listener from which the client is accepted.\nIf the expression(s) all yields the string value `'true'`, then the associated `result` is returned from this authenticator.\nIf any expression yields the other than `'true'`, then the current check is skipped.", + "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-is_match", + "text" : "is_match", + "type" : "OneOf(String,Array(String))" + }, + { + "doc" : "The result to return if the match condition is `true`.\nSupported results:\n- `ignore`: defer the authentication to the next authenticator in the chain.\n- `allow`: allow the client to connect.\n- `deny`: deny the client to connect.", + "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-result", + "text" : "result", + "type" : "Enum(allow,deny,ignore)" + } + ], + "text" : "cinfo_check" + } + ], + "hash" : "V-authentication-S-cinfo-checks", + "text" : "checks", + "type" : "Array(Struct(cinfo_check))" + } + ], + "text" : "cinfo" + } + ], + "hash" : "V-authentication", + "text" : "authentication", + "type" : 
"Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(ldap_deprecated),Struct(gcp_device),Struct(scram_restapi_get),Struct(scram_restapi_post),Struct(kerberos),Struct(cinfo)))", + "default" : "[]" + }, + { + "doc" : "Authorization a.k.a. ACL.
\nIn EMQX, MQTT client access control is extremely flexible.
\nAn out-of-the-box set of authorization data sources are supported.\nFor example,
\n'file' source is to support concise and yet generic ACL rules in a file;
\n'built_in_database' source can be used to store per-client customizable rule sets,\nnatively in the EMQX node;
\n'http' source to make EMQX call an external HTTP API to make the decision;
\n'PostgreSQL' etc. to look up clients or rules from external databases", + "refs" : [ + { + "doc" : "Settings that control client authorization.", + "hash" : "T-authorization-S-authorization", + "fields" : [ + { + "doc" : "Default access control action if the user or client matches no ACL rules,\nor if no such user or client is found by the configurable authorization\nsources such as built_in_database, an HTTP API, or a query against PostgreSQL.\nFind more details in 'authorization.sources' config.", + "hash" : "V-authorization-S-authorization-no_match", + "text" : "no_match", + "type" : "Enum(allow,deny)", + "default" : "allow" + }, + { + "doc" : "The action when the authorization check rejects an operation.", + "hash" : "V-authorization-S-authorization-deny_action", + "text" : "deny_action", + "type" : "Enum(ignore,disconnect)", + "default" : "ignore" + }, + { + "refs" : [ + { + "doc" : "Settings for the authorization cache.", + "hash" : "T-authorization-S-authorization-cache-S-authz_cache", + "fields" : [ + { + "doc" : "Maximum number of cached items.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size", + "text" : "max_size", + "type" : "Integer(1..1048576)", + "default" : "32" + }, + { + "doc" : "Time to live for the cached data.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl", + "text" : "ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "Exclude caching ACL check results for topics matching the given patterns.", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes", + "text" : "excludes", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "authz_cache" + } + ], + "hash" : "V-authorization-S-authorization-cache", + "text" : "cache", + "type" : "Struct(authz_cache)" + }, + { + "doc" : "Authorization data sources.
\nAn array of authorization (ACL) data providers.\nIt is designed as an array, not a hash-map, so the sources can be\nordered to form a chain of access controls.
\n\nWhen authorizing a 'publish' or 'subscribe' action, the configured\nsources are checked in order. When checking an ACL source,\nin case the client (identified by username or client ID) is not found,\nit moves on to the next source. And it stops immediately\nonce an 'allow' or 'deny' decision is returned.
\n\nIf the client is not found in any of the sources,\nthe default action configured in 'authorization.no_match' is applied.
\n\nNOTE:\nThe source elements are identified by their 'type'.\nIt is NOT allowed to configure two or more sources of the same type.", + "refs" : [ + { + "doc" : "Authorization using a static file.", + "hash" : "T-authorization-S-authorization-sources-S-file", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-file-type", + "text" : "type", + "type" : "String(\"file\")" + }, + { + "doc" : "Path to the file which contains the ACL rules.\nIf the file provisioned before starting EMQX node,\nit can be placed anywhere as long as EMQX has read access to it.\nThat is, EMQX will treat it as read only.\n\nIn case the rule-set is created or updated from EMQX Dashboard or HTTP API,\na new file will be created and placed in `authz` subdirectory inside EMQX's `data_dir`,\nand the old file will not be used anymore.", + "hash" : "V-authorization-S-authorization-sources-S-file-path", + "text" : "path", + "type" : "String" + } + ], + "text" : "file" + }, + { + "doc" : "Authorization using a built-in database (mnesia).", + "hash" : "T-authorization-S-authorization-sources-S-builtin_db", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type", + "text" : "type", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "Maximum number of rules per client/user. 
Note that performance may decrease as number of rules increases.", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules", + "text" : "max_rules", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "Authorization using an external HTTP server (via GET requests).", + "hash" : "T-authorization-S-authorization-sources-S-http_get", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the auth server.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request timeout.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "List of HTTP headers (without content-type).", + "hash" : "V-authorization-S-authorization-sources-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_get" + }, + { + "doc" : "Authorization using an external HTTP server (via POST requests).", + "hash" : "T-authorization-S-authorization-sources-S-http_post", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "URL of the auth server.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP request timeout.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP request body.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The pool size.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Configure HTTP request parameters.", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP method.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "List of HTTP Headers.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_post" + }, + { + "doc" : "Authorization using a single Redis instance.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_single" + }, + { + "doc" : "Authorization using a Redis Sentinel.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel mode. 
Must be set to 'sentinel' when Redis server is running in sentinel mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "The cluster name in Redis sentinel mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "Authorization using a Redis cluster.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster mode. 
Must be set to 'cluster' when Redis server is running in clustered mode.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "Authorization using a MySQL database.", + "hash" : "T-authorization-S-authorization-sources-S-mysql", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-type", + "text" : "type", + "type" : "String(\"mysql\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Key-value list of SQL prepared statements.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "mysql" + }, + { + "doc" : "Authorization using a PostgreSQL database.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-type", + "text" : "type", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Key-value list of SQL prepared statements.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "Database query used to retrieve authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "postgresql" + }, + { + "doc" : "Authorization using a single MongoDB instance.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "Authorization using a MongoDB replica set.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Read mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "Name of the replica set.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for 
authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "Authorization using a sharded MongoDB cluster.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "`MongoDB` collection containing the authorization data.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "AuthZ with LDAP", + "hash" : "T-authorization-S-authorization-sources-S-ldap", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-type", + "text" : "type", + "type" : "String(\"ldap\")" + }, + { + "doc" : "Indicates which attribute is used to represent the allowed topics list of the `publish`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute", + "text" : "publish_attribute", + "type" : "String", + "default" : "mqttPublishTopic" + }, + { + "doc" : "Indicates which attribute is used to represent the allowed topics list of the `subscribe`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute", + "text" : "subscribe_attribute", + "type" : "String", + "default" : "mqttSubscriptionTopic" + }, + { + "doc" : "Indicates which attribute is used to represent the both allowed topics list of `publish` and `subscribe`.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute", + "text" : "all_attribute", + "type" : "String", + "default" : "mqttPubSubTopic" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-authorization-S-authorization-sources", + "text" : "sources", + "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))", + "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]" + } + ], + "text" : "authorization" + } + ], + "hash" : "V-authorization", + "text" : "authorization", + "type" : "Struct(authorization)" + }, + { + "refs" : [ + { + "doc" : "Node name, cookie, config & data directories and the Erlang virtual machine (BEAM) boot parameters.", + "hash" : "T-node-S-node", + "fields" : [ + { + "doc" : "Unique name of the EMQX node. It must follow %name%@FQDN or\n%name%@IPv4 format.", + "hash" : "V-node-S-node-name", + "text" : "name", + "type" : "String", + "default" : "\"emqx@127.0.0.1\"" + }, + { + "doc" : "Secret cookie is a random string that should be the same on all nodes in\nthe given EMQX cluster, but unique per EMQX cluster. 
It is used to prevent EMQX nodes that\nbelong to different clusters from accidentally connecting to each other.", + "hash" : "V-node-S-node-cookie", + "text" : "cookie", + "type" : "String" + }, + { + "doc" : "Maximum number of simultaneously open files and sockets for this Erlang system.\nFor more information, see: https://www.erlang.org/doc/man/erl.html", + "hash" : "V-node-S-node-max_ports", + "text" : "max_ports", + "type" : "Integer(1024..134217727)", + "default" : "1048576" + }, + { + "doc" : "Erlang's distribution buffer busy limit in kilobytes.", + "hash" : "V-node-S-node-dist_buffer_size", + "text" : "dist_buffer_size", + "type" : "Integer(1..2097151)", + "default" : "8192" + }, + { + "doc" : "Path to the persistent data directory.
\nPossible auto-created subdirectories are:
\n- `mnesia/`: EMQX's built-in database directory.
\nFor example, `mnesia/emqx@127.0.0.1`.
\nThere should be only one such subdirectory.
\nMeaning, in case the node is to be renamed (to e.g. `emqx@10.0.1.1`),
\nthe old dir should be deleted first.
\n- `configs`: Generated configs at boot time, and cluster/local override configs.
\n- `patches`: Hot-patch beam files are to be placed here.
\n- `trace`: Trace log files.
\n\n**NOTE**: One data dir cannot be shared by two or more EMQX nodes.", + "hash" : "V-node-S-node-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "Periodic garbage collection interval. Set to disabled to have it disabled.", + "hash" : "V-node-S-node-global_gc_interval", + "text" : "global_gc_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"15m\"" + }, + { + "doc" : "Select a node role.
\ncore nodes provide durability of the data, and take care of writes.\nIt is recommended to place core nodes in different racks or different availability zones.
\nreplicant nodes are ephemeral worker nodes. Removing them from the cluster\ndoesn't affect database redundancy
\nIt is recommended to have more replicant nodes than core nodes.
\nNote: this parameter only takes effect when the backend is set\nto rlog.", + "hash" : "V-node-S-node-role", + "aliases" : [ + "db_role" + ], + "text" : "role", + "type" : "Enum(core,replicant)", + "default" : "core" + } + ], + "text" : "node" + } + ], + "hash" : "V-node", + "text" : "node", + "type" : "Struct(node)" + }, + { + "refs" : [ + { + "doc" : "EMQX nodes can form a cluster to scale up the total capacity.
\n Here holds the configs to instruct how individual nodes can discover each other.", + "hash" : "T-cluster-S-cluster", + "fields" : [ + { + "doc" : "Human-friendly name of the EMQX cluster.", + "hash" : "V-cluster-S-cluster-name", + "text" : "name", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "Service discovery method for the cluster nodes. Possible values are:\n- manual: Use emqx ctl cluster command to manage cluster.
\n- static: Configure static nodes list by setting seeds in config file.
\n- dns: Use DNS A record to discover peer nodes.
\n- etcd: Use etcd to discover peer nodes.
\n- k8s: Use Kubernetes API to discover peer pods.", + "hash" : "V-cluster-S-cluster-discovery_strategy", + "text" : "discovery_strategy", + "type" : "Enum(manual,static,singleton,dns,etcd,k8s)", + "default" : "manual" + }, + { + "doc" : "Remove disconnected nodes from the cluster after this interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-autoclean", + "text" : "autoclean", + "type" : "Duration", + "default" : "\"24h\"" + }, + { + "doc" : "If true, the node will try to heal network partitions automatically.", + "hash" : "V-cluster-S-cluster-autoheal", + "text" : "autoheal", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The Erlang distribution protocol for the cluster.
\n- inet_tcp: IPv4 TCP
\n- inet_tls: IPv4 TLS, works together with etc/ssl_dist.conf
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, works together with etc/ssl_dist.conf", + "hash" : "V-cluster-S-cluster-proto_dist", + "text" : "proto_dist", + "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)", + "default" : "inet_tcp" + }, + { + "refs" : [ + { + "doc" : "Service discovery via static nodes.\nThe new node joins the cluster by connecting to one of the bootstrap nodes.", + "hash" : "T-cluster-S-cluster-static-S-cluster_static", + "fields" : [ + { + "doc" : "List EMQX node names in the static cluster. See node.name.", + "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds", + "text" : "seeds", + "type" : "OneOf(String,Array(String))", + "default" : "[]" + } + ], + "text" : "cluster_static" + } + ], + "hash" : "V-cluster-S-cluster-static", + "text" : "static", + "type" : "Struct(cluster_static)" + }, + { + "refs" : [ + { + "doc" : "Service discovery via DNS SRV records.", + "hash" : "T-cluster-S-cluster-dns-S-cluster_dns", + "fields" : [ + { + "doc" : "The domain name from which to discover peer EMQX nodes' IP addresses.\nApplicable when cluster.discovery_strategy = dns", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name", + "text" : "name", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "DNS record type.", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type", + "text" : "record_type", + "type" : "Enum(a,aaaa,srv)", + "default" : "a" + } + ], + "text" : "cluster_dns" + } + ], + "hash" : "V-cluster-S-cluster-dns", + "text" : "dns", + "type" : "Struct(cluster_dns)" + }, + { + "refs" : [ + { + "doc" : "Service discovery using 'etcd' service.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd", + "fields" : [ + { + "doc" : "List of endpoint URLs of the etcd cluster", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Key prefix used for EMQX service discovery.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix", + "text" : "prefix", + "type" : 
"String", + "default" : "emqxcl" + }, + { + "doc" : "Expiration time of the etcd key associated with the node.\nIt is refreshed automatically, as long as the node is alive.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl", + "text" : "node_ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "Options for the TLS connection to the etcd cluster.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options", + "aliases" : [ + "ssl" + ], + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "cluster_etcd" + } + ], + "hash" : "V-cluster-S-cluster-etcd", + "text" : "etcd", + "type" : "Struct(cluster_etcd)" + }, + { + "refs" : [ + { + "doc" : "Service discovery via Kubernetes API server.", + "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s", + "fields" : [ + { + "doc" : "Kubernetes API endpoint URL.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver", + "text" : "apiserver", + "type" : "String", + "default" : "\"https://kubernetes.default.svc:443\"" + }, + { + "doc" : "EMQX broker service name.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name", + "text" : "service_name", + "type" : "String", + "default" : "emqx" + }, + { + "doc" : "Address type used for connecting to the discovered nodes.\nSetting cluster.k8s.address_type to ip will\nmake EMQX to discover IP addresses of peer nodes from Kubernetes API.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type", + "text" : "address_type", + "type" : "Enum(ip,dns,hostname)", + "default" : "ip" + }, + { + "doc" : "Kubernetes namespace.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace", + "text" : "namespace", + "type" : "String", + "default" : "default" + }, + { + "doc" : "Node name suffix.
\nNote: this parameter is only relevant when address_type is dns\nor hostname.", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix", + "text" : "suffix", + "type" : "String", + "default" : "\"pod.local\"" + } + ], + "text" : "cluster_k8s" + } + ], + "hash" : "V-cluster-S-cluster-k8s", + "text" : "k8s", + "type" : "Struct(cluster_k8s)" + }, + { + "doc" : "The list of the linked EMQX clusters.", + "refs" : [ + { + "doc" : "Cluster link configuration", + "hash" : "T-cluster-S-cluster-links-S-link", + "fields" : [ + { + "doc" : "Linked (remote) cluster name. Must be exactly equal to the value of `cluster.name` configured at the remote cluster. Must not be equal to the local cluster.name. All configured cluster link names must be unique.", + "hash" : "V-cluster-S-cluster-links-S-link-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "MQTT host and port of the remote EMQX broker.", + "hash" : "V-cluster-S-cluster-links-S-link-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Optional Base MQTT client ID for connecting to the remote EMQX cluster. If omitted, local `cluster.name` is used. EMQX maintains several connections between linked clusters, so distinct suffixes are automatically appended to the base client ID.", + "hash" : "V-cluster-S-cluster-links-S-link-clientid", + "text" : "clientid", + "type" : "String" + }, + { + "doc" : "Optional MQTT username for connecting to the remote EMQX cluster.", + "hash" : "V-cluster-S-cluster-links-S-link-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Optional MQTT username for connecting to the remote EMQX cluster.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-cluster-S-cluster-links-S-link-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "SSL configuration for connecting to the remote EMQX cluster.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-links-S-link-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "MQTT topics to be forwarded by the linked remote EMQX broker to the local broker. Messages are only forwarded if the local EMQX broker has matching subscriber(s).\nWildcards are supported. Setting empty topics list on one side of the link can be used to establish unidirectional links: the side with the empty topics won't receive remote messages, but it can forward relevant messages to its linked counterpart (according to the topics configured on that side of the link).", + "hash" : "V-cluster-S-cluster-links-S-link-topics", + "text" : "topics", + "type" : "Array(String)" + }, + { + "doc" : "Size of the pool of MQTT clients that will publish messages to the linked EMQX broker.", + "hash" : "V-cluster-S-cluster-links-S-link-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "MQTT Message retry interval. Delay for the link to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-cluster-S-cluster-links-S-link-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "Max inflight (sent, but un-acked) messages of the MQTT protocol", + "hash" : "V-cluster-S-cluster-links-S-link-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Deprecated since 5.1.0.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-auto_restart_interval", + "text" : "auto_restart_interval", + "type" : "OneOf(String(\"infinity\"),Duration)" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since v5.0.14.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-enable_queue", + "text" : "enable_queue", + "type" : "Boolean" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "creation_opts" + } + ], + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts", + "text" : "resource_opts", + "type" : "Struct(creation_opts)", + "default" : "{}" + } + ], + "text" : "link" + } + ], + "hash" : "V-cluster-S-cluster-links", + "text" : "links", + "type" : "Array(Struct(link))", + "default" : "[]" + } + ], + "text" : "cluster" + } + ], + "hash" : "V-cluster", + "text" : "cluster", + "type" : "Struct(cluster)" + }, + { + "doc" : "EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.\nThe system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:\n\n- `file`: Directs log output exclusively to files.\n- `console`: Channels log output solely to the console.\n\nIt's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd's `emqx.service` file.\nIn scenarios outside systemd initiation, `console` serves as the default log handler.", + "refs" : [ + { + "doc" : "EMQX supports multiple log handlers, one console handler and multiple file handlers.\nEMQX by default logs to console when running in docker or in console/foreground mode,\notherwise it logs to file $EMQX_LOG_DIR/emqx.log.\nFor advanced configuration, you can find more parameters in this section.", + "hash" : "T-log-S-log", + "fields" : [ + { + "refs" : [ + { + "doc" : "Log handler that prints log events to the EMQX console.", + "hash" : 
"T-log-S-log-console-S-console_handler", + "fields" : [ + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-console-S-console_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Enable this log handler.", + "hash" : "V-log-S-log-console-S-console_handler-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Choose log formatter. text for free text, and json for structured logging.", + "hash" : "V-log-S-log-console-S-console_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-console-S-console_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-console-S-console_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-console-S-console_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "console_handler" + } + ], + "hash" : "V-log-S-log-console", + "aliases" : [ + "console_handler" + ], + "text" : "console", + "type" : "Struct(console_handler)" + }, + { + "doc" : "File-based log handlers.", + "refs" : [ + { + "doc" : "Log handler that prints log events to files.", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "Name the log file.", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "Maximum number of log files.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Choose log formatter. 
text for free text, and json for structured logging.", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + }, + { + "doc" : "Log handler that prints log events to files.", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "Name the log file.", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "Maximum number of log files.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "The log level for the current log handler.\nDefaults to warning.", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Choose log formatter. text for free text, and json for structured logging.", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. 
`epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + } + ], + "hash" : "V-log-S-log-file", + "aliases" : [ + "file_handlers" + ], + "text" : "file", + "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))", + "default" : "{level = warning}" + }, + { + "refs" : [ + { + "doc" : "Log throttling feature reduces the number of potentially flooding logged events by\ndropping all but the first event within a configured time window.\nThe throttling is automatically disabled if `console` or `file` log level is set to debug.", + "hash" : "T-log-S-log-throttling-S-log_throttling", + "fields" : [ + { + "doc" : "This configuration setting controls the logging behavior for throttled messages,\nincluding, but not limited to messages like 'authorization_permission_denied'.\nWithin each defined time window, only one instance of a throttled message will be logged to prevent log flooding.\nAt the conclusion of each time window, a summary log will be generated, detailing the occurrence of any throttled messages during that period.\nIt's important to note that the shortest effective time window for this setting is 1 second (`1s`).\nShould a value lower than `1s` be specified, it will automatically be adjusted to `1s`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-log-S-log-throttling-S-log_throttling-time_window", + "text" : "time_window", + "type" : "Duration(s)", + "default" : "\"1m\"" + } + ], + "text" : "log_throttling" + } + ], + "hash" : "V-log-S-log-throttling", + "text" : "throttling", + "type" : "Struct(log_throttling)" + }, + { + "doc" : "Audit file-based log handler.", + "refs" : [ + { + "doc" : "Audit log handler that prints log events to files.", + "hash" : "T-log-S-log-audit-S-log_audit_handler", + "fields" : [ + { + "doc" : "Name the audit log file.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-path", + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/audit.log\"" + }, + { + "doc" : "Maximum number of log files.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_count", + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "This parameter controls log file rotation. 
The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_size", + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "Store the latest N log entries in a database for allow `/audit` HTTP API to filter and retrieval of log data.\nThe interval for purging redundant log records is maintained within a range of 10~20 seconds.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-max_filter_size", + "text" : "max_filter_size", + "type" : "Integer(10..30000)", + "default" : "5000" + }, + { + "doc" : "Ignore high frequency requests to avoid flooding the audit log,\nsuch as publish/subscribe kick out http api requests are ignored.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-ignore_high_frequency_request", + "text" : "ignore_high_frequency_request", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. 
`epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.", + "hash" : "V-log-S-log-audit-S-log_audit_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`", + "hash" : "V-log-S-log-audit-S-log_audit_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_audit_handler" + } + ], + "hash" : "V-log-S-log-audit", + "text" : "audit", + "type" : "Struct(log_audit_handler)", + "default" : "{enable = false, level = info}" + } + ], + "text" : "log" + } + ], + "hash" : "V-log", + "text" : "log", + "type" : "Struct(log)" + }, + { + "refs" : [ + { + "doc" : "EMQX uses a library called gen_rpc for inter-broker communication.
\nMost of the time the default config should work,\nbut in case you need to do performance fine-tuning or experiment a bit,\nthis is where to look.", + "hash" : "T-rpc-S-rpc", + "fields" : [ + { + "doc" : "In sync mode the sending side waits for the ack from the receiving side.", + "hash" : "V-rpc-S-rpc-mode", + "text" : "mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Transport protocol used for inter-broker communication", + "hash" : "V-rpc-S-rpc-protocol", + "aliases" : [ + "driver" + ], + "text" : "protocol", + "type" : "Enum(tcp,ssl)", + "default" : "tcp" + }, + { + "doc" : "The maximum number of batch messages sent in asynchronous mode.\n Note that this configuration does not work in synchronous mode.", + "hash" : "V-rpc-S-rpc-async_batch_size", + "text" : "async_batch_size", + "type" : "Integer", + "default" : "256" + }, + { + "doc" : "manual: discover ports by server_port.
\nstateless: discover ports in a stateless manner, using the following algorithm.\nIf node name is emqxN@127.0.0.1, where the N is an integer,\nthen the listening port will be 5370 + N.\nNOTE: when `port_discovery` is `manual`, `server_port` configuration has no effect.", + "hash" : "V-rpc-S-rpc-port_discovery", + "text" : "port_discovery", + "type" : "Enum(manual,stateless)", + "default" : "stateless" + }, + { + "doc" : "Listening port used by RPC local service.
\nNote that this config only takes effect when rpc.port_discovery is set to manual.", + "hash" : "V-rpc-S-rpc-server_port", + "aliases" : [ + "tcp_server_port", + "ssl_server_port" + ], + "text" : "server_port", + "type" : "Integer(1..+inf)", + "default" : "5369" + }, + { + "doc" : "Set the maximum number of RPC communication channels initiated by this node to each remote node.", + "hash" : "V-rpc-S-rpc-client_num", + "aliases" : [ + "tcp_client_num" + ], + "text" : "client_num", + "type" : "Integer(1..256)", + "default" : "10" + }, + { + "doc" : "Timeout for establishing an RPC connection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Path to TLS certificate file used to validate identity of the cluster nodes.\nNote that this config only takes effect when rpc.driver is set to ssl.", + "hash" : "V-rpc-S-rpc-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "Path to the private key file for the rpc.certfile.
\nNote: contents of this file are secret, so it's necessary to set permissions to 600.", + "hash" : "V-rpc-S-rpc-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Path to certification authority TLS certificate file used to validate rpc.certfile.
\nNote: certificates of all nodes in the cluster must be signed by the same CA.", + "hash" : "V-rpc-S-rpc-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Timeout for sending the RPC request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Timeout for the remote node authentication.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-authentication_timeout", + "text" : "authentication_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Timeout for the reply to a synchronous RPC.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-call_receive_timeout", + "text" : "call_receive_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPIDLE` socket option. The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-socket_keepalive_idle", + "text" : "socket_keepalive_idle", + "type" : "Duration(s)", + "default" : "\"15m\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPINTVL` socket option. The time (in seconds) between individual keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-rpc-S-rpc-socket_keepalive_interval", + "text" : "socket_keepalive_interval", + "type" : "Duration(s)", + "default" : "\"75s\"" + }, + { + "doc" : "Corresponds to the `TCP_KEEPCNT` socket option. The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end.", + "hash" : "V-rpc-S-rpc-socket_keepalive_count", + "text" : "socket_keepalive_count", + "type" : "Integer", + "default" : "9" + }, + { + "doc" : "TCP tuning parameters. TCP sending buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_sndbuf", + "text" : "socket_sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP tuning parameters. TCP receiving buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_recbuf", + "text" : "socket_recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP tuning parameters. Socket buffer size in user mode.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-rpc-S-rpc-socket_buffer", + "text" : "socket_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Enable compatibility with old RPC authentication.", + "hash" : "V-rpc-S-rpc-insecure_fallback", + "text" : "insecure_fallback", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-rpc-S-rpc-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-rpc-S-rpc-tls_versions", + "text" : "tls_versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "Indicates the IP address for the RPC server to listen on. For example, use \"0.0.0.0\" for IPv4 or \"::\" for IPv6.", + "hash" : "V-rpc-S-rpc-listen_address", + "text" : "listen_address", + "type" : "String", + "default" : "\"0.0.0.0\"" + }, + { + "doc" : "This setting is effective only when rpc.listen_address is assigned an IPv6 address.\nIf set to true, the RPC client will exclusively use IPv6 for connections.\nOtherwise, the client might opt for IPv4, even if the server is on IPv6.", + "hash" : "V-rpc-S-rpc-ipv6_only", + "text" : "ipv6_only", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "rpc" + } + ], + "hash" : "V-rpc", + "text" : "rpc", + "type" : "Struct(rpc)" + }, + { + "doc" : "System topics configuration.", + "refs" : [ + { + "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics.", + "hash" : "T-sys_topics-S-sys_topics", + "fields" : [ + { + "doc" : "Time interval for publishing following system messages:\n - `$SYS/brokers`\n - `$SYS/brokers//version`\n - `$SYS/brokers//sysdescr`\n - `$SYS/brokers//stats/`\n - `$SYS/brokers//metrics/`", + "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval", + "text" : "sys_msg_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"1m\"" + }, + { + "doc" : "Time interval for publishing following heartbeat messages:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`", + "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval", + "text" : "sys_heartbeat_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"30s\"" + }, + { + "doc" : 
"Client events messages.", + "refs" : [ + { + "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n", + "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names", + "fields" : [ + { + "doc" : "Enable to publish client connected event messages", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected", + "text" : "client_connected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable to publish client disconnected event messages.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected", + "text" : "client_disconnected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable to publish event message that client subscribed a topic successfully.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed", + "text" : "client_subscribed", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable to publish event message that client unsubscribed a topic successfully.", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed", + "text" : "client_unsubscribed", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "event_names" + } + ], + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages", + "text" : "sys_event_messages", + "type" : "Struct(event_names)" + } + ], + "text" : "sys_topics" + } + ], + "hash" : "V-sys_topics", + "text" : "sys_topics", + "type" : "Struct(sys_topics)" + }, + { + "refs" : [ + { + "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message 
mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.", + "hash" : "T-force_shutdown-S-force_shutdown", + "fields" : [ + { + "doc" : "EMQX creates at least one lightweight process for each client connection.\n\nEach process has its own message queue (aka mailbox) to hold messages from other processes (e.g. MQTT messages) so that the process can read messages from the message queue (mailbox) at any time.\n\nIf the system is busy or the process hangs due to a busy socket (see `high_watermark`), the message queue can accumulate many messages.\n\nTo avoid excessive memory usage, EMQX will force a process to shut down when the length of its message queue exceeds `max_mailbox_size`.", + "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size", + "aliases" : [ + "max_message_queue_len" + ], + "text" : "max_mailbox_size", + "type" : "Integer(0..inf)", + "default" : "1000" + }, + { + "doc" : "The maximum heap size of the process. If the `force_shutdown` is enabled, processes that exceed this limit will automatically exit or be forcibly killed. Messages in the process message queue (mailbox) are also part of the heap. The shutdown of a process can be divided into the following two situations:\n\n- The process actively checks the current heap size during its own operation, and actively exits after finding that it exceeds the limit.\n- The underlying scheduling system checks the current heap size after performing garbage collection for the process, and forcibly kills the process after finding that it exceeds the limit.\n\nNote: The Error logs generated by the above two will be different. The log generated by the former is similar to `...errorContext: connection_shutdown, reason: #{max => 2097152, reason => proc_heap_too_large, value => 2787348}..`,\nand the log generated by the latter is similar to `...Context: maximum heap size reached...`.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size", + "text" : "max_heap_size", + "type" : "Bytesize", + "default" : "\"32MB\"" + } + ], + "text" : "force_shutdown" + } + ], + "hash" : "V-force_shutdown", + "text" : "force_shutdown", + "type" : "Struct(force_shutdown)" + }, + { + "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc.", + "refs" : [ + { + "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc.", + "hash" : "T-durable_storage-S-durable_storage", + "fields" : [ + { + "doc" : "Configuration related to the durable storage of MQTT messages.", + "refs" : [ + { + "doc" : "Builtin storage backend utilizing embedded RocksDB key-value store.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-backend", + "text" : "backend", + "type" : "String(\"builtin_raft\")", + "default" : "builtin_raft" + }, + { + "doc" : "Number of identical replicas each shard should have.\nIncreasing this number improves durability and availability at the expense of greater resource consumption.\nQuorum of replicas is needed to be healthy for the replication to work, hence an odd number of replicas is a good pick in general.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-replication_factor", + "text" : "replication_factor", + "type" : 
"Integer(1..+inf)", + "default" : "3" + }, + { + "doc" : "Number of storage sites that need to share responsibility over the set of storage shards.\nIn this context, sites are EMQX nodes with message durability enabled.\nPlease note that it takes effect only during the initialization of the durable storage database.\nDuring this phase at least that many sites should come online to distribute shards between them, otherwise message storage will be unavailable until then.\nAfter the initialization is complete, sites may be offline, which will affect availability depending on the number of offline sites and replication factor.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_sites", + "text" : "n_sites", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "File system directory where the database is located.\n\nBy default, it is equal to `node.data_dir`.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "The built-in durable storage partitions data into shards.\nThis configuration parameter defines the number of shards.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_shards", + "text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "Storage layout is a method of arranging messages from various topics and clients on disc.\n\nDepending on the type of workload and the topic structure, different types of strategies for storing the data can be employed to maximize efficiency of reading messages from the durable storage.", + "refs" : [ + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of 
topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : "String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : 
"V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "A simplistic layout type that stores all messages from all topics in chronological order in a single stream.\n\nNot recommended for production use.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "Reference layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference-type", + "text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_raft" + }, + { + "doc" : "Builtin storage backend utilizing embedded RocksDB key-value store.\nThis backend doesn't support clustering.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend", + "text" : "backend", + "type" : "String(\"builtin_local\")", + "default" : "builtin_local" + }, + { + "doc" : "File system directory where the database is located.\n\nBy default, it is equal to `node.data_dir`.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "The built-in durable storage partitions data into shards.\nThis configuration parameter defines the number of shards.\nPlease 
note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards", + "text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "Storage layout is a method of arranging messages from various topics and clients on disc.\n\nDepending on the type of workload and the topic structure, different types of strategies for storing the data can be employed to maximize efficiency of reading messages from the durable storage.", + "refs" : [ + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : "String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of 
topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "Wildcard-optimized layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "A simplistic layout type that stores all messages from all topics in chronological order in a single stream.\n\nNot recommended for production use.", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "Reference layout type.", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type", + "text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_local" + } + ], + "hash" : 
"V-durable_storage-S-durable_storage-messages", + "text" : "messages", + "type" : "OneOf(Struct(builtin_raft),Struct(builtin_local))", + "default" : "{backend = builtin_raft}" + } + ], + "text" : "durable_storage" + } + ], + "hash" : "V-durable_storage", + "text" : "durable_storage", + "type" : "Struct(durable_storage)" + }, + { + "refs" : [ + { + "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.", + "hash" : "T-force_gc-S-force_gc", + "fields" : [ + { + "doc" : "GC the process after this many received messages.", + "hash" : "V-force_gc-S-force_gc-count", + "text" : "count", + "type" : "Integer(0..inf)", + "default" : "16000" + }, + { + "doc" : "GC the process after specified number of bytes have passed through.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-force_gc-S-force_gc-bytes", + "text" : "bytes", + "type" : "Bytesize", + "default" : "\"16MB\"" + } + ], + "text" : "force_gc" + } + ], + "hash" : "V-force_gc", + "text" : "force_gc", + "type" : "Struct(force_gc)" + }, + { + "refs" : [ + { + "doc" : "Features related to system monitoring and introspection.", + "hash" : "T-sysmon-S-sysmon", + "fields" : [ + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.", + "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm", + "fields" : [ + { + "doc" : "The time interval for the periodic process count limit check, used together with `process_high_watermark` and `process_low_watermark`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval", + "text" : "process_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is raised.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark", + "text" : "process_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is cleared.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark", + "text" : "process_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "When an Erlang process spends long time to perform garbage collection, a warning level long_gc log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_gc.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc", + "text" : "long_gc", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "When the Erlang VM detect a task scheduled for too long, a warning level 'long_schedule' log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_schedule.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule", + "text" : "long_schedule", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : 
"\"240ms\"" + }, + { + "doc" : "When the heap memory occupied by a process exceeds the size specified by `large_heap`, the system will write a warning level `large_heap` log, and an MQTT message will be published to the system topic `$SYS/sysmon/large_heap`.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap", + "text" : "large_heap", + "type" : "OneOf(String(\"disabled\"),Bytesize)", + "default" : "\"32MB\"" + }, + { + "doc" : "When the RPC connection used to communicate with other nodes in the cluster is overloaded,\nthere will be a busy_dist_port warning log,\nand an MQTT message is published to system topic $SYS/sysmon/busy_dist_port.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port", + "text" : "busy_dist_port", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When a port (e.g. TCP socket) is overloaded, there will be a busy_port warning log,\nand an MQTT message is published to the system topic $SYS/sysmon/busy_port.", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port", + "text" : "busy_port", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "sysmon_vm" + } + ], + "hash" : "V-sysmon-S-sysmon-vm", + "text" : "vm", + "type" : "Struct(sysmon_vm)" + }, + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.", + "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os", + "fields" : [ + { + "doc" : "The time interval for the periodic CPU check. Disabled on Windows platform.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval", + "text" : "cpu_check_interval", + "type" : "Duration", + "default" : "\"60s\"" + }, + { + "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is raised. Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark", + "text" : "cpu_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is cleared. Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark", + "text" : "cpu_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "The time interval for the periodic memory check. Disabled on Windows platform.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval", + "text" : "mem_check_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated before the corresponding alarm is raised. 
Disabled on Windows platform", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark", + "text" : "sysmem_high_watermark", + "type" : "String", + "default" : "\"70%\"" + }, + { + "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated by one Erlang process before\n the corresponding alarm is raised. Disabled on Windows platform.", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark", + "text" : "procmem_high_watermark", + "type" : "String", + "default" : "\"5%\"" + } + ], + "text" : "sysmon_os" + } + ], + "hash" : "V-sysmon-S-sysmon-os", + "text" : "os", + "type" : "Struct(sysmon_os)" + } + ], + "text" : "sysmon" + } + ], + "hash" : "V-sysmon", + "text" : "sysmon", + "type" : "Struct(sysmon)" + }, + { + "refs" : [ + { + "doc" : "Settings for the alarms.", + "hash" : "T-alarm-S-alarm", + "fields" : [ + { + "doc" : "The actions triggered when the alarm is activated.
Currently, the following actions are supported: log and publish.\nlog is to write the alarm to log (console or file).\npublish is to publish the alarm as an MQTT message to the system topics:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate", + "hash" : "V-alarm-S-alarm-actions", + "text" : "actions", + "type" : "Array(Enum(log,publish))", + "default" : "[log, publish]" + }, + { + "doc" : "The maximum number of historical alarms that can be stored.\n\nWhen the maximum number is reached, the oldest historical alarms will be deleted to store new historical alarms.", + "hash" : "V-alarm-S-alarm-size_limit", + "text" : "size_limit", + "type" : "Integer(1..3000)", + "default" : "1000" + }, + { + "doc" : "The validity period of historical alarms. Calculated from the time of activation of the historical alarm instead of the time of cancelation.\n\nIf it exists longer than the validity period, the alarm will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-alarm-S-alarm-validity_period", + "text" : "validity_period", + "type" : "Duration", + "default" : "\"24h\"" + } + ], + "text" : "alarm" + } + ], + "hash" : "V-alarm", + "text" : "alarm", + "type" : "Struct(alarm)" + }, + { + "refs" : [ + { + "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.", + "hash" : "T-flapping_detect-S-flapping_detect", + "fields" : [ + { + "doc" : "Enable flapping connection detection feature.", + "hash" : "V-flapping_detect-S-flapping_detect-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The time window for flapping detection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-flapping_detect-S-flapping_detect-window_time", + "text" : "window_time", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "The maximum number of disconnects allowed for a MQTT Client in `window_time`", + "hash" : "V-flapping_detect-S-flapping_detect-max_count", + "text" : "max_count", + "type" : "Integer(0..+inf)", + "default" : "15" + }, + { + "doc" : "How long the flapping clientid will be banned.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-flapping_detect-S-flapping_detect-ban_time", + "text" : "ban_time", + "type" : "Duration", + "default" : "\"5m\"" + } + ], + "text" : "flapping_detect" + } + ], + "hash" : "V-flapping_detect", + "text" : "flapping_detect", + "type" : "Struct(flapping_detect)" + }, + { + "refs" : [ + { + "doc" : "Settings related to the durable session feature.", + "hash" : "T-durable_sessions-S-durable_sessions", + "fields" : [ + { + "doc" : "Use durable storage for client sessions persistence.\nIf enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.\n\n:::warning\nMessages sent to the durable sessions are saved on disc.\nThis inevitably limits the overall throughput of the system.\n:::", + "hash" : "V-durable_sessions-S-durable_sessions-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "This value affects the flow control for the persistent sessions.\nPersistent session queries the durable message storage in batches.\nThis value specifies size of the batch.\n\nNote: larger batches generally improve the throughput and overall performance of the system, but increase RAM usage per client.", + "hash" : "V-durable_sessions-S-durable_sessions-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Expiry interval for poll requests sent by durable sessions to the storage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval", + "text" : "idle_poll_interval", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Durable sessions back up their state on disc every heartbeat interval.\n\nHeartbeat interval is also taken into account during garbage collection of expired sessions.\nIt is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval", + "text" : "heartbeat_interval", + "type" : "Duration", + "default" : "\"5000ms\"" + }, + { + "doc" : "The interval at which session garbage collection is executed for persistent sessions.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval", + "text" : "session_gc_interval", + "type" : "Duration", + "default" : "\"10m\"" + }, + { + "doc" : "The size of each batch of expired persistent sessions to be garbage collected per iteration.", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size", + "text" : "session_gc_batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Broker keeps messages sent to the durable sessions for this period of time.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period", + "text" : "message_retention_period", + "type" : "Duration", + "default" : "\"1d\"" + } + ], + "text" : "durable_sessions" + } + ], + "hash" : "V-durable_sessions", + "text" : "durable_sessions", + "type" : "Struct(durable_sessions)" + }, + { + "refs" : [ + { + "doc" : "Connectors that are used to connect to external systems", + "hash" : "T-connectors-S-connectors", + "fields" : [ + { + "doc" : "Oracle Connector Config", + "refs" : [ + { + "doc" : "Configuration for an Oracle Client.", + "hash" : "T-connectors-S-connectors-oracle-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
A host entry has the following form: `Host[:Port]`.
The Oracle Database default port 1521 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Sid for Oracle Database.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-sid", + "text" : "sid", + "type" : "String" + }, + { + "doc" : "Service Name for Oracle Database.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-service_name", + "text" : "service_name", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-oracle", + "text" : "oracle", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Snowflake Connector Config", + "refs" : [ + { + "doc" : "Configuration for a connector to Snowflake service.", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The address of Snowflake computing server to connect to.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Account ID for Snowflake.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-account", + "text" : "account", + "type" : "String" + }, + { 
+ "doc" : "Data Source Name (DSN) associated with the installed Snowflake ODBC driver.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-dsn", + "text" : "dsn", + "type" : "String" + }, + { + "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "refs" : [ + { + "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config", + "fields" : [ + { + "doc" : "Proxy host address to connect to.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "Proxy port to use when connecting.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-port", + "text" : "port", + "type" : "Integer(1..65535)" + } + ], + "text" : "proxy_config" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy", + "text" : "proxy", + "type" : "OneOf(String(\"none\"),Struct(proxy_config))", + "default" : "none" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-snowflake", + "text" : "snowflake", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "RabbitMQ Connector Config", + "refs" : [ + { + "doc" : "The configuration for the RabbitMQ connector.", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The RabbitMQ server address that you want to connect to (for example, localhost).", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "The RabbitMQ server address that you want to connect to (for example, localhost).", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-port", + "text" : "port", + "type" : "Integer(1..65535)", + "default" : "5672" + }, + { + "doc" : "The username used to authenticate with the RabbitMQ server.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + 
"doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The size of the connection pool.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The timeout for waiting on the connection to be established.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-timeout", + "text" : "timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The virtual host to use when connecting to the RabbitMQ server.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-virtual_host", + "text" : "virtual_host", + "type" : "String", + "default" : "\"/\"" + }, + { + "doc" : "The interval for sending heartbeat messages to the RabbitMQ server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-heartbeat", + "text" : "heartbeat", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Connector resource options.", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "RocketMQ Connector Config", + "refs" : [ + { + "doc" : "Configuration for an RocketMQ Client.", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe RocketMQ default port 9876 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "The namespace field MUST be set if you are using the RocketMQ service in\naliyun cloud and also the namespace is enabled,\nor if you have configured a namespace in your RocketMQ server.\nFor RocketMQ in aliyun cloud, the namespace is the instance ID.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-namespace", + "text" : "namespace", + "type" : "String" + }, + { + "doc" : "RocketMQ server `accessKey`.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-access_key", + "text" : "access_key", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "RocketMQ server `secretKey`.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-secret_key", + "text" : "secret_key", + "type" : "Secret", + "default" : "\"\"" + }, + { + "doc" : "RocketMQ Server Security Token
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-security_token", + "text" : "security_token", + "type" : "Secret", + "default" : "\"\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq", + "text" : "rocketmq", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Redis Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Redis action.", + "hash" : "T-connectors-S-connectors-redis-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Set of parameters specific for the given type of this Redis connector, `redis_type` can be one of `single`, `cluster` or `sentinel`.", + "refs" : [ + { + "doc" : "Redis connector in sentinel mode", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector", + "fields" : [ + { + "doc" : "The IPv4 or IPv6 address or the hostname to 
connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_single_connector" + }, + { + "doc" : "Redis connector in sentinel mode", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector", + "fields" : [ + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel mode. 
Must be set to 'sentinel' when Redis server is running in sentinel mode.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "The cluster name in Redis sentinel mode.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis database ID.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_sentinel_connector" + }, + { + "doc" : "Redis connector in cluster mode", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector", + "fields" : [ + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster mode. 
Must be set to 'cluster' when Redis server is running in clustered mode.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_cluster_connector" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(redis_single_connector),Struct(redis_sentinel_connector),Struct(redis_cluster_connector))" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-redis", + "text" : "redis", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Syskeeper Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Syskeeper forwarder connector", + "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The address of the Syskeeper proxy server", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Specify whether the proxy server should reply with an acknowledgement for the message forwarding, can be:
- need_ack
- no_ack
", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_mode", + "text" : "ack_mode", + "type" : "Enum(need_ack,no_ack)", + "default" : "no_ack" + }, + { + "doc" : "The maximum time to wait for an acknowledgement from the proxy server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_timeout", + "text" : "ack_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_forwarder", + "text" : "syskeeper_forwarder", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "GCP PubSub Consumer Connector Config", + "refs" : [ + { + "doc" : "Configuration for a GCP PubSub Consumer Client.", + "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Max retry times if an error occurs when sending a request.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since e5.0.1.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + }, + { + "doc" : "JSON containing the GCP Service Account credentials to be used with PubSub.\nWhen a GCP Service Account is created (as described in https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount), you have the option of downloading the credentials in JSON form. That's the file needed.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-service_account_json", + "text" : "service_account_json", + "type" : "String" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer", + "text" : "gcp_pubsub_consumer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MQTT Connector Config", + "refs" : [ + { + "doc" : "Configurations for an MQTT connector.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Size of the pool of MQTT clients that will publish messages to the remote broker.
\nEach MQTT client will be assigned 'clientid' of the form '${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\nwhere 'n' is the number of a client inside the pool.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Deprecated since v5.1.0 & e5.1.0.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode", + "text" : "mode", + "type" : "Enum(cluster_shareload)" + }, + { + "doc" : "The host and port of the remote MQTT broker", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Optional prefix to prepend to the clientid used by egress bridges.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix", + "text" : "clientid_prefix", + "type" : "String" + }, + { + "doc" : "Deprecated since v5.0.16.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval", + "text" : "reconnect_interval", + "type" : "String" + }, + { + "doc" : "The MQTT protocol version", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver", + "text" : "proto_ver", + "type" : "Enum(v3,v4,v5)", + "default" : "v4" + }, + { + "doc" : "If enable bridge mode.\nNOTE: This setting is only for MQTT protocol version older than 5.0, and the remote MQTT\nbroker MUST support this feature.\nIf bridge_mode is set 
to true, the bridge will indicate to the remote broker that it is a bridge not an ordinary client.\nThis means that loop detection will be more effective and that retained messages will be propagated correctly.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode", + "text" : "bridge_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The username of the MQTT protocol", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password of the MQTT protocol
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to start a clean session when reconnecting a remote broker for ingress bridge", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start", + "text" : "clean_start", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "MQTT Keepalive. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "\"160s\"" + }, + { + "doc" : "Message retry interval. Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "Max inflight (sent, but un-acked) messages of the MQTT protocol", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Couchbase Connector Config", + "refs" : [ + { + "doc" : "Configuration for a connector to Couchbase service.", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\n A host entry has the following form: `Host[:Port]`.
\n The Couchbase default query service port 8093 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Username for Couchbase service.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Password for Couchbase service.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-couchbase", + "text" : "couchbase", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Microsoft SQL Server Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Microsoft SOL Server connector.", + "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector", + "fields" : [ + { + "doc" : "SQL Server Driver Name", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-driver", + "text" : "driver", + "type" : "String", + "default" : "\"ms-sql\"" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe SQL Server default port 1433 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "sa" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-sqlserver", + "text" : "sqlserver", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MongoDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for MongoDB action", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Set of parameters specific for the given type of this MongoDB connector, `mongo_type` can be one of `single` (Standalone), `sharded` (Sharded) or `rs` (Replica Set).", + "refs" : [ + { + "doc" : "Settings for a single MongoDB instance.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single", + "fields" : [ + { + "doc" : 
"Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + } + ], + "text" : "connector_single" + }, + { + "doc" : "Settings for sharded cluster.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded", + "fields" : [ + { + "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + } + ], + "text" : "connector_sharded" + }, + { + "doc" : "Settings for replica set.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs", + "fields" : [ + { + "doc" : "Replica set. 
Must be set to 'rs' when MongoDB server is running in 'replica set' mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Write mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "Read mode.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "Name of the replica set.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + } + ], + "text" : "connector_rs" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(connector_single),Struct(connector_sharded),Struct(connector_rs))" + }, + { + "doc" : "Use DNS SRV record.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-pool_size", + "text" : "pool_size", + "type" : 
"Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "Database name associated with the user's credentials.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Topology of MongoDB.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology", + "fields" : [ + { + "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mongodb", + "text" : "mongodb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Datalayers Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Datalayers bridge.", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Datalayers default port 8361 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:8361\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer", + "default" : "8" + }, + { + "doc" : "Set of parameters specific for the given type of this Datalayers connector.", + "refs" : [ + { + "doc" : "Set of parameters specific for the given type of this Datalayers connector.", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters", + "fields" : [ + { + "doc" : "The Driver used to communicate with Datalayers service.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-driver_type", + "text" : "driver_type", + "type" : "Enum(influxdb_v1)", + "default" : "influxdb_v1" + }, + { + "doc" : "Datalayers database.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Datalayers username.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Datalayers password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "datalayers_influxdb_v1_parameters" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(datalayers_influxdb_v1_parameters))" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-datalayers", + "text" : "datalayers", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Azure Blob Storage Connector Config", + "refs" : [ + { + "doc" : "Configuration for a connector to Azure Blob Storage service.", + "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Account name for Azure Blob Storage service.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_name", + "text" : "account_name", + "type" : "String" + }, + { + "doc" : "Account key for Azure Blob Storage service.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_key", + "text" : "account_key", + "type" : "Secret" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-azure_blob_storage", + "text" : "azure_blob_storage", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Kafka Consumer Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Kafka Consumer Client.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "A comma separated list of Kafka host:port endpoints to bootstrap the client.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "Maximum wait time for TCP connection establishment (including authentication time 
if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Minimum time interval the client has to wait before refreshing Kafka broker and topic metadata. Setting too small value may add extra load on Kafka.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Maximum wait time when fetching topic metadata.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Authentication configs.", + "refs" : [ + { + "doc" : "Username/password based authentication.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "SASL authentication mechanism.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-mechanism", + "text" : "mechanism", + "type" : "Enum(plain,scram_sha_256,scram_sha_512)" + }, + { + "doc" : "SASL authentication username.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "SASL authentication password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + }, + { + "doc" : "Use GSSAPI/Kerberos authentication.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos", + "fields" : [ + { + "doc" : "SASL GSSAPI authentication Kerberos principal. For example kafka/node1.example.com@EXAMPLE.COM, NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal", + "text" : "kerberos_principal", + "type" : "String" + }, + { + "doc" : "SASL GSSAPI authentication Kerberos keytab file path. 
NOTE: This file has to be placed in EMQX nodes, and the EMQX service runner user requires read permission.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file", + "text" : "kerberos_keytab_file", + "type" : "String" + } + ], + "text" : "auth_gssapi_kerberos" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))", + "default" : "none" + }, + { + "doc" : "Extra socket options.", + "refs" : [ + { + "doc" : "Extra socket options.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: TCP keepalive probes are sent after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "Topic name used exclusively for more accurate connector health checks.", + "hash" : 
"V-connectors-S-connectors-kafka_consumer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "TLS/SSL options for client.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: Allow the client to automatically determine the appropriate SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values will be sent as-is.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer", + "text" : "kafka_consumer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Matrix Connector Config", + "refs" : [ + { + "doc" : "The configuration for the PostgreSQL connector.", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector", + "fields" : [ + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-matrix", + "text" : "matrix", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "IoTDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for Apache IoTDB bridge.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "The drivers for IoTDB connector, can be:\n- rest\n- thrift", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-driver", + "text" : "driver", + "type" : "Enum(restapi)", + "default" : "restapi" + }, + { + "doc" : "The base URL of the external IoTDB service's REST interface.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-base_url", + "text" : "base_url", + "type" : "String" + }, + { + "doc" : "The version of the IoTDB system to connect to.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-iotdb_version", + "text" : "iotdb_version", + "type" : "Enum(v1.3.x,v1.1.x,v1.0.x,v0.13.x)", + "default" : "\"v1.3.x\"" + }, + { + "doc" : "Authentication configuration", + "refs" : [ + { + "doc" : "Authentication configuration", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication", + "fields" : [ + { + "doc" : "The username as configured at the IoTDB REST/Thrift interface", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-username", + "text" : "username", + "type" : "String" + 
}, + { + "doc" : "The password as configured at the IoTDB/Thrift REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "authentication" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(authentication))", + "default" : "auth_basic" + } + ], + "text" : "config_restapi" + }, + { + "doc" : "Configuration for Apache IoTDB bridge.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The drivers for IoTDB connector, can be:\n- rest\n- thrift", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-driver", + "text" : "driver", + "type" : "Enum(thrift)", + "default" : "restapi" + }, + { + "doc" : "The address of the IoTDB Thrift server (host:port)", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "The version of IoTDB Thrift protocol", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-protocol_version", + "text" : "protocol_version", + "type" : "Enum(protocol_v1,protocol_v2,protocol_v3)", + "default" : "protocol_v3" + }, + { + "doc" : "Timezone for IoTDB Thrift session", + 
"hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-zoneId", + "text" : "zoneId", + "type" : "String", + "default" : "\"Asia/Shanghai\"" + }, + { + "doc" : "Size for the IoTDB Thrift connection pool", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Timeout for connecting to the IoTDB Thrift server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Timeout for IoTDB Thrift server response
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-recv_timeout", + "text" : "recv_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "The username as configured at the IoTDB REST/Thrift interface", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password as configured at the IoTDB/Thrift REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Connector resource options", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_thrift" + } + ], + "hash" : "V-connectors-S-connectors-iotdb", + "text" : "iotdb", + "type" : "Map($name->OneOf(Struct(config_restapi),Struct(config_thrift)))" + }, + { + "doc" : "Kinesis Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Kinesis Client.", + "hash" : "T-connectors-S-connectors-kinesis-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Access Key ID for connecting to Amazon Kinesis.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_access_key_id", + "text" : "aws_access_key_id", + "type" : "String" + }, + { + "doc" : "AWS Secret Access Key for connecting to Amazon Kinesis.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_secret_access_key", + "text" : "aws_secret_access_key", + "type" : "Secret" + }, + { + "doc" : "The url of Amazon Kinesis endpoint.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "Max retry times if an error occurs when sending a request.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kinesis", + "text" : "kinesis", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Kafka Producer Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Kafka Producer Client.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "A comma separated list of Kafka host:port endpoints to bootstrap the client.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Minimum time interval the client has to wait before refreshing Kafka broker and topic metadata. Setting too small value may add extra load on Kafka.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Maximum wait time when fetching topic metadata.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Authentication configs.", + "refs" : [ + { + "doc" : "Username/password based authentication.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "SASL authentication mechanism.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-mechanism", + "text" : "mechanism", + "type" : "Enum(plain,scram_sha_256,scram_sha_512)" + }, + { + "doc" : "SASL authentication username.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "SASL authentication password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + }, + { + "doc" : "Use GSSAPI/Kerberos authentication.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos", + "fields" : [ + { + "doc" : "SASL GSSAPI authentication Kerberos principal. For example kafka/node1.example.com@EXAMPLE.COM, NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal", + "text" : "kerberos_principal", + "type" : "String" + }, + { + "doc" : "SASL GSSAPI authentication Kerberos keytab file path. 
NOTE: This file has to be placed in EMQX nodes, and the EMQX service runner user requires read permission.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file", + "text" : "kerberos_keytab_file", + "type" : "String" + } + ], + "text" : "auth_gssapi_kerberos" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))", + "default" : "none" + }, + { + "doc" : "Extra socket options.", + "refs" : [ + { + "doc" : "Extra socket options.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: TCP keepalive probes are sent after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "Topic name used exclusively for more accurate connector health checks.", + "hash" : 
"V-connectors-S-connectors-kafka_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "TLS/SSL options for client.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: Allow the client to automatically determine the appropriate SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values will be sent as-is.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer", + "text" : "kafka_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "GreptimeDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for an GreptimeDB action.", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe GreptimeDB default port 8086 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:4001\"" + }, + { + "doc" : "GreptimeDB database.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-dbname", + "text" : "dbname", + "type" : "String" + }, + { + "doc" : "GreptimeDB username.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "GreptimeDB password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb", + "text" : "greptimedb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "DynamoDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for an DynamoDB connector.", + "hash" : "T-connectors-S-connectors-dynamo-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The url of DynamoDB endpoint.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "Region of AWS Dynamo", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-region", + "text" : "region", + "type" : "String" + }, + { + "doc" : "Access Key ID for connecting to 
DynamoDB.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_access_key_id", + "text" : "aws_access_key_id", + "type" : "String" + }, + { + "doc" : "AWS Secret Access Key for connecting to DynamoDB.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_secret_access_key", + "text" : "aws_secret_access_key", + "type" : "Secret" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-dynamo", + "text" : "dynamo", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Azure Event Hub Connector Config", + "refs" : [ + { + "doc" : "Configuration for an Azure Event Hubs bridge.", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "A comma separated list of Azure Event Hubs Kafka host[:port] namespace endpoints to bootstrap the client. 
Default port number is 9093.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Minimum time interval the client has to wait before refreshing Azure Event Hubs Kafka broker and topic metadata. Setting too small value may add extra load on Azure Event Hubs.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Maximum wait time when fetching metadata from Azure Event Hubs.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Authentication configs.", + "refs" : [ + { + "doc" : "Username/password based authentication.", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "The Connection String for connecting to Azure Event Hubs. Should be the \"connection string-primary key\" of a Namespace shared access policy.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "Struct(auth_username_password)", + "default" : "{}" + }, + { + "doc" : "Extra socket options.", + "refs" : [ + { + "doc" : "Extra socket options.", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: TCP keepalive probes are sent after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "Topic name used exclusively for more accurate connector health 
checks.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "TLS/SSL options for Azure Event Hubs client.", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "String(\"true\")", + "default" : "true" + }, + { + "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: The client will use \"servicebus.windows.net\" as SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values it will be sent as-is.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = true}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer", + "text" : "azure_event_hub_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "HStreamDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for an HStreamDB connector.", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HStreamDB Server URL. 
This URL will be used as the gRPC HTTP server address.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:6570\"" + }, + { + "doc" : "The timeout for HStreamDB gRPC requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-grpc_timeout", + "text" : "grpc_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb", + "text" : "hstreamdb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ElasticSearch Connector Config", + "refs" : [ + { + "doc" : "Configuration for ElasticSearch bridge.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Elasticsearch default port 9200 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:9200\"" + }, + { + "doc" : "Authentication configuration", + "refs" : [ + { + "doc" : "Basic Authentication", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "The username as configured at the ElasticSearch REST interface", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password as configured at the ElasticSearch REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(auth_basic))" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "Pulsar Connector Config", + "refs" : [ + { + "doc" : "Pulsar connector config", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "A comma separated list of Pulsar URLs in the form scheme://host[:port]\n for the client to connect to. The supported schemes are pulsar:// (default)\n and pulsar+ssl://. 
The default port is 6650.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Authentication configs.", + "refs" : [ + { + "doc" : "Parameters for basic authentication.", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "Basic authentication username. The `username` part of the `username:password` authentication string.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Basic authentication password. The `password` part of the `username:password` authentication string.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + }, + { + "doc" : "Parameters for token authentication.", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token", + "fields" : [ + { + "doc" : "JWT authentication token.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token-jwt", + "text" : "jwt", + "type" : "Secret" + } + ], + "text" : "auth_token" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_basic),Struct(auth_token))", + "default" : "none" + }, + { + "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Pulsar connector resource options", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-pulsar", + "text" : "pulsar", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "GCP PubSub Producer Connector Config", + "refs" : [ + { + "doc" : "Configuration for a GCP PubSub Producer Client.", + "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Max retry times if an error occurs when sending a request.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since e5.0.1.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + }, + { + "doc" : "JSON containing the GCP Service Account credentials to be used with PubSub.\nWhen a GCP Service Account is created (as described in https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount), you have the option of downloading the credentials in JSON form. That's the file needed.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-service_account_json", + "text" : "service_account_json", + "type" : "String" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer", + "text" : "gcp_pubsub_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "PostgreSQL Connector Config", + "refs" : [ + { + "doc" : "The configuration for the PostgreSQL connector.", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector", + "fields" : [ + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-pgsql", + "text" : "pgsql", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "OpenTSDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for OpenTSDB Connector.", + "hash" : "T-connectors-S-connectors-opents-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The URL of OpenTSDB endpoint.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Whether 
to return summary information.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-summary", + "text" : "summary", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to return detailed information.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-details", + "text" : "details", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-opents", + "text" : "opents", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Syskeeper Proxy Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Syskeeper proxy connector", + "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The listening address for this Syskeeper proxy server", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-listen", + "text" : "listen", + "type" : "String" + }, + { + "doc" : "The number of the acceptors", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-acceptors", + "text" : "acceptors", + "type" : "Integer(0..+inf)", + "default" : 
"16" + }, + { + "doc" : "The maximum to wait for the handshake when a connection is created
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_proxy", + "text" : "syskeeper_proxy", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "S3 Connector Config", + "refs" : [ + { + "doc" : "Configuration for a connector to S3 API compatible storage service.", + "hash" : "T-connectors-S-connectors-s3-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The access key ID of the S3 bucket.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_key_id", + "text" : "access_key_id", + "type" : "String" + }, + { + "doc" : "The secret access key of the S3 bucket.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-secret_access_key", + "text" : "secret_access_key", + "type" : "Secret" + }, + { + "doc" : "The host of the S3 endpoint.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "The port of the S3 endpoint.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-port", + "text" : "port", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Options for the HTTP transport layer used by the S3 client.", + "refs" : [ + { + "doc" : "Options for the HTTP transport layer used by the S3 client", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options", + "fields" : [ + { + "doc" : "Whether to probe for IPv6 support.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ipv6_probe", + "text" : "ipv6_probe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "transport_options" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options", + "text" : "transport_options", + "type" : "Struct(transport_options)" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "s3_connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(s3_connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-s3", + "text" : "s3", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Timescale Connector Config", + "refs" : [ + { + "doc" : "The configuration for the PostgreSQL connector.", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector", + "fields" : [ + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-timescale", + "text" : "timescale", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "TDengine Connector Config", + "refs" : [ + { + "doc" : "Configuration for TDengine Connector.", + "hash" : "T-connectors-S-connectors-tdengine-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe TDengine default port 6041 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-tdengine", + "text" : "tdengine", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "HTTP Connector Config", + "refs" : [ + { + "doc" : "Configuration for an HTTP action.", + "hash" : "T-connectors-S-connectors-http-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The URL of the HTTP action.
\nTemplate with variables is allowed in the path, but variables cannot be used in the scheme, host,\nor port part.
\nFor example, http://localhost:9901/${topic} is allowed, but\n http://${host}:9901/message or http://localhost:${port}/message \nis not allowed.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.3.2.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-request", + "text" : "request", + "type" : "Map" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-http", + "text" : "http", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MySQL Connector Config", + "refs" : [ + { + "doc" : "Configuration for a MySQL action.", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mysql", + "text" : "mysql", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Cassandra Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Cassandra bridge.", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port][,Host2:Port]`.
\nThe Cassandra default port 9042 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Keyspace name to connect to.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-keyspace", + "text" : "keyspace", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-cassandra", + "text" : "cassandra", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ClickHouse Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Clickhouse bridge.", + "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The HTTP URL to the Clickhouse server that you want to connect to (for example http://myhostname:8123)", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "The timeout when connecting to the Clickhouse server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Database name.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-clickhouse", + "text" : "clickhouse", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "InfluxDB Connector Config", + "refs" : [ + { + "doc" : "Configuration for an InfluxDB bridge.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe InfluxDB default port 8086 is used if `[:Port]` is not specified.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:8086\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer", + "default" : "8" + }, + { + "doc" : "Set of parameters specific for the given type of this InfluxDB connector, `influxdb_type` can be one of `influxdb_api_v1`, `influxdb_api_v1`.", + "refs" : [ + { + "doc" : "InfluxDB's protocol. Support InfluxDB v1.8 and before.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1", + "fields" : [ + { + "doc" : "InfluxDB's protocol. Support InfluxDB v1.8 and before.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-influxdb_type", + "text" : "influxdb_type", + "type" : "String(\"influxdb_api_v1\")", + "default" : "influxdb_api_v1" + }, + { + "doc" : "InfluxDB database.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "InfluxDB username.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "InfluxDB password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "connector_influxdb_api_v1" + }, + { + "doc" : "InfluxDB's protocol. Support InfluxDB v2.0 and after.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2", + "fields" : [ + { + "doc" : "InfluxDB's protocol. Support InfluxDB v2.0 and after.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-influxdb_type", + "text" : "influxdb_type", + "type" : "String(\"influxdb_api_v2\")", + "default" : "influxdb_api_v2" + }, + { + "doc" : "InfluxDB bucket name.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "Organization name of InfluxDB.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-org", + "text" : "org", + "type" : "String" + }, + { + "doc" : "InfluxDB token.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-token", + "text" : "token", + "type" : "Secret" + } + ], + "text" : "connector_influxdb_api_v2" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(connector_influxdb_api_v1),Struct(connector_influxdb_api_v2))" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-influxdb", + "text" : "influxdb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Confluent Connector Config", + "refs" : [ + { + "doc" : "Configuration for a Confluent action.", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector", + "fields" : [ + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "A comma separated list of Confluent Kafka host[:port] namespace endpoints to bootstrap the client. 
Default port number is 9092.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Minimum time interval the client has to wait before refreshing Confluent Kafka broker and topic metadata. Setting too small value may add extra load on Confluent.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Maximum wait time when fetching metadata from Confluent.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Authentication configs.", + "refs" : [ + { + "doc" : "Username/password based authentication.", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "Confluent Key.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "Struct(auth_username_password)", + "default" : "{}" + }, + { + "doc" : "Extra socket options.", + "refs" : [ + { + "doc" : "Extra socket options.", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: TCP keepalive probes are sent after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "Topic name used exclusively for more accurate connector health checks.", + "hash" : 
"V-connectors-S-connectors-confluent_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "TLS/SSL options for Confluent client.", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: The client will use \"servicebus.windows.net\" as SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values it will be sent as-is.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = true}" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer", + "text" : "confluent_producer", + "type" : "Map($name->Struct(config_connector))" + } + ], + "text" : "connectors" + } + ], + "hash" : "V-connectors", + "text" : "connectors", + "type" : "Struct(connectors)" + }, + { + "refs" : [ + { + "doc" : "Configuration for actions.", + "hash" : "T-actions-S-actions", + "fields" : [ + { + "doc" : "Oracle Action Config", + "refs" : [ + { + "doc" : "Configuration for Oracle Action", + "hash" : "T-actions-S-actions-oracle-S-oracle_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template. The template string can contain placeholders for message metadata and payload field. The placeholders are inserted without any checking and special formatting, so it is important to ensure that the inserted values are formatted and escaped correctly.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "oracle_action" + } + ], + "hash" : "V-actions-S-actions-oracle", + "text" : "oracle", + "type" : "Map($name->Struct(oracle_action))" + }, + { + "doc" : "Snowflake Action Config", + "refs" : [ + { + "doc" : "Action that takes incoming events and uploads them to the Snowflake.", + "hash" : "T-actions-S-actions-snowflake-S-snowflake", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Set of parameters for the action.", + "refs" : [ + { + "doc" : "Set of parameters for the action in aggregated mode.", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters", + "fields" : [ + { + "doc" : "Enables time-based aggregation of incoming events and uploading them to the Snowflake as a single object. 
This aggregation is done independently by each node in the cluster.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "Set of parameters governing the aggregation process.", + "refs" : [ + { + "doc" : "Set of parameters governing the aggregation process.", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation", + "fields" : [ + { + "doc" : "Settings governing the file format of an upload containing aggregated events.", + "refs" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv", + "fields" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "container_csv" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container", + "text" : "container", + "type" : "OneOf(Struct(container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "Amount of time events will be aggregated in a single file on each node before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "Number of records (events) allowed per each aggregated file. Each aggregated upload will contain no more than that number of events, but may contain less.
\n If event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of Snowflake staged file name.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "1000000" + } + ], + "text" : "aggregation" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(aggregation)" + }, + { + "doc" : "The private key configured for the Pipe User. This supports the input formats below:\n- Plain key: Enter the private key contents in PEM format directly as a string value.\n- File Path: Specify the path to a file that contains the private key. Ensure the path starts with file://. The file path must be the same on all nodes in the cluster.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key", + "text" : "private_key", + "type" : "Secret" + }, + { + "doc" : "Name of the Database that contains the Snowflake resources.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Name of the Schema that contains the Snowflake resources.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-schema", + "text" : "schema", + "type" : "String" + }, + { + "doc" : "Name of the Stage that'll be used for loading data files into Snowflake.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-stage", + "text" : "stage", + "type" : "String" + }, + { + "doc" : "Name of the Pipe that'll be used to ingest data into the table.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe", + "text" : "pipe", + "type" : "String" + }, + { + "doc" : "A username which has a role with permissions over the Pipe to be used. The minimum permissions are `operate` and `monitor`.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe_user", + "text" : "pipe_user", + "type" : "String" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "The pool size.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Max retry attempts if there's an error when sending an HTTP request.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "refs" : [ + { + "doc" : "Proxy configuration. 
Only plain HTTP proxies are currently supported (no HTTPS).", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config", + "fields" : [ + { + "doc" : "Proxy host address to connect to.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "Proxy port to use when connecting.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-port", + "text" : "port", + "type" : "Integer(1..65535)" + } + ], + "text" : "proxy_config" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy", + "text" : "proxy", + "type" : "OneOf(String(\"none\"),Struct(proxy_config))", + "default" : "none" + } + ], + "text" : "aggreg_parameters" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(aggreg_parameters))" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "snowflake" + } + ], + "hash" : "V-actions-S-actions-snowflake", + "text" : "snowflake", + "type" : "Map($name->Struct(snowflake))" + }, + { + "doc" : "RabbitMQ Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "The action config defines how this bridge send messages to the remote RabbitMQ broker", + "refs" : [ + { + "doc" : "The action config defines how this bridge send messages to the remote RabbitMQ broker", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "A boolean value that indicates whether to wait for RabbitMQ to confirm message publication when using publisher confirms.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-wait_for_publish_confirmations", + "text" : "wait_for_publish_confirmations", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The timeout for waiting on the connection to be established.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-publish_confirmation_timeout", + "text" : "publish_confirmation_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "The name of the RabbitMQ exchange where the messages will be sent.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-exchange", + "text" : "exchange", + "type" : "String" + }, + { + "doc" : "The routing key used to route messages to the correct queue in the RabbitMQ exchange.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-routing_key", + "text" : "routing_key", + "type" : "String" + }, + { + "doc" : "The delivery mode for messages published to RabbitMQ. Delivery mode non_persistent (1) is suitable for messages that don't require persistence across RabbitMQ restarts, whereas delivery mode persistent (2) is designed for messages that must survive RabbitMQ restarts.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-delivery_mode", + "text" : "delivery_mode", + "type" : "Enum(non_persistent,persistent)", + "default" : "non_persistent" + }, + { + "doc" : "The template for formatting the payload of the message before sending it to RabbitMQ. Template placeholders, such as ${field1.sub_field}, will be substituted with the respective field's value. When left empty, the entire input message will be used as the payload, formatted as a JSON text. 
This behavior is equivalent to specifying ${.} as the payload template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "publisher_action" + } + ], + "hash" : "V-actions-S-actions-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(publisher_action))" + }, + { + "doc" : "RocketMQ Action Config", + "refs" : [ + { + "doc" : "Configuration for RocketMQ Action", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Template, the default value is empty. When this value is empty the whole message will be stored in the RocketMQ.
\n The template can be any valid string with placeholders, example:
\n - ${id}, ${username}, ${clientid}, ${timestamp}
\n - {\"id\" : ${id}, \"username\" : ${username}}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Producer key dispatch strategy, the default is `roundrobin`, also supports placeholders, such as: `clientid`, `messageid`, `username`.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-strategy", + "text" : "strategy", + "type" : "OneOf(String(\"roundrobin\"),String)", + "default" : "roundrobin" + }, + { + "doc" : "RocketMQ Topic
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String", + "default" : "TopicTest" + }, + { + "doc" : "Timeout of RocketMQ driver synchronous call.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-sync_timeout", + "text" : "sync_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "RocketMQ Topic Route Refresh Interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The socket send buffer size of the RocketMQ driver client.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-send_buffer", + "text" : "send_buffer", + "type" : "Bytesize", + "default" : "\"1024KB\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "rocketmq_action" + } + ], + "hash" : "V-actions-S-actions-rocketmq", + "text" : "rocketmq", + "type" : "Map($name->Struct(rocketmq_action))" + }, + { + "doc" : "Redis Action Config", + "refs" : [ + { + "doc" : "Action to interact with a Redis connector.", + "hash" : "T-actions-S-actions-redis-S-redis_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-redis-S-redis_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "The parameters of the action.", + "refs" : [ + { + "doc" : "The parameters of the action.", + "hash" : "T-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Redis command template used to export messages. 
Each list element stands for a command name or its argument.\nFor example, to push payloads in a Redis list by key `msgs`, the elements should be the following:\n`rpush`, `msgs`, `${payload}`.", + "hash" : "V-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters-command_template", + "text" : "command_template", + "type" : "Array(String)" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-redis-S-redis_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-redis-S-redis_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-redis-S-redis_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-redis-S-redis_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. 
When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "This parameter defines the upper limit of the batch count.\nSetting this value to 1 effectively disables batching, as it indicates that only one item will be processed per batch.\nNote on Redis Cluster Mode:\nIn the context of Redis Cluster Mode, it is important to note that batching is not supported.\nConsequently, the batch_size is always set to 1,\nreflecting the mode inherent limitation in handling batch operations.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "redis_action" + } + ], + "hash" : "V-actions-S-actions-redis", + "text" : "redis", + "type" : "Map($name->Struct(redis_action))" + }, + { + "doc" : "Syskeeper Forwarder Action Config", + "refs" : [ + { + "doc" : "Configuration for a Syskeeper action.", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Syskeeper action parameters", + "refs" : [ + { + "doc" : "Syskeeper action parameters", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters", + "fields" : [ + { + "doc" : "The topic for the forwarded message
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_topic", + "text" : "target_topic", + "type" : "String", + "default" : "\"${topic}\"" + }, + { + "doc" : "The QoS for the forwarded message. To preserve the original QoS of the forwarded message, the value can be omitted.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_qos", + "text" : "target_qos", + "type" : "Integer(0..2)" + }, + { + "doc" : "Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"${payload}\"" + } + ], + "text" : "parameters" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters", + "text" : "parameters", + "type" : "Struct(parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Whether start the resource right after created.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Deprecated since 5.1.0.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-auto_restart_interval", + "text" : "auto_restart_interval", + "type" : "OneOf(String(\"infinity\"),Duration)" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "Query inflight window. 
When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Deprecated since v5.0.14.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-enable_queue", + "text" : "enable_queue", + "type" : "Boolean" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "creation_opts" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(creation_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder", + "text" : "syskeeper_forwarder", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "MQTT Publisher Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Forward to which topic of the remote broker.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "The QoS of the MQTT message to be sent.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos", + "text" : "qos", + "type" : "OneOf(Integer(0..2),String)", + "default" : "1" + }, + { + "doc" : "The 'retain' flag of the MQTT message to be sent.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain", + "text" : "retain", + "type" : "OneOf(Boolean,String)", + "default" : "false" + }, + { + "doc" : "The payload of the MQTT message to be sent.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload", + "text" : "payload", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_publisher_action" + } + ], + "hash" : "V-actions-S-actions-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_publisher_action))" + }, + { + "doc" : "Couchbase Action Config", + "refs" : [ + { + "doc" : "Action that takes incoming events and uploads them to the Couchbase service.", + "hash" : "T-actions-S-actions-couchbase-S-couchbase", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Set of parameters for the action.", + "refs" : [ + { + "doc" : "Set of parameters for the action.", + "hash" : "T-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-sql", + "text" : "sql", + "type" : "String" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "3" + } + ], + "text" : "parameters" + } + ], + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters", + "text" : "parameters", + "type" : "Struct(parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "couchbase" + } + ], + "hash" : "V-actions-S-actions-couchbase", + "text" : "couchbase", + "type" : "Map($name->Struct(couchbase))" + }, + { + "doc" : "Configuration for Microsoft SOL Server action.", + "refs" : [ + { + "doc" : "Configuration for Microsoft SOL Server action.", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )\"" + }, + { + "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts", 
+ "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "sqlserver_action" + } + ], + "hash" : "V-actions-S-actions-sqlserver", + "text" : "sqlserver", + "type" : "Map($name->Struct(sqlserver_action))" + }, + { + "doc" : "MongoDB Action Config", + "refs" : [ + { + "doc" : "Action to interact with a MongoDB connector", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Additional parameters specific to this action type", + "refs" : [ + { + "doc" : "Additional parameters specific to this action type", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "The collection where data will be stored into
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-collection", + "text" : "collection", + "type" : "String", + "default" : "mqtt" + }, + { + "doc" : "The template for formatting the outgoing messages. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mongodb_action" + } + ], + "hash" : "V-actions-S-actions-mongodb", + "text" : "mongodb", + "type" : "Map($name->Struct(mongodb_action))" + }, + { + "doc" : "Datalayers Action Config", + "refs" : [ + { + "doc" : "Action to interact with a Datalayers connector", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Additional parameters specific to this action type", + "refs" : [ + { + "doc" : "Additional parameters specific to this action type", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Conf of InfluxDB line protocol to write data points. It is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported.\nSee also [InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "Datalayers time precision.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "datalayers_action" + } + ], + "hash" : "V-actions-S-actions-datalayers", + "text" : "datalayers", + "type" : "Map($name->Struct(datalayers_action))" + }, + { + "doc" : "Azure Blob Storage Action Config", + "refs" : [ + { + "doc" : "Action that takes incoming events and uploads them to the Azure Blob Storage service.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Set of parameters for the action.", + "refs" : [ + { + "doc" : "Set of parameters for the action in aggregated mode.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters", + "fields" : [ + { + "doc" : "Enables time-based aggregation of incoming events and uploading them to the Azure Blob Storage service as a single object.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "Set of parameters governing the aggregation process.", + "refs" : [ + { + "doc" : "Set of parameters governing the aggregation process.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation", + "fields" : [ + { + "doc" : "Settings governing the file format of an upload containing aggregated events.", + "refs" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv", + "fields" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "container_csv" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container", + "text" : "container", + "type" : "OneOf(Struct(container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "Amount of time events will be aggregated in a single object before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "Number of records (events) allowed per each aggregated object. Each aggregated upload will contain no more than that number of events, but may contain less.
\n If event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of Azure Blob Storage blob name.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "1000000" + } + ], + "text" : "aggregation" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(aggregation)" + }, + { + "doc" : "The Azure Blob Storage container name. Does not support templates.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-container", + "text" : "container", + "type" : "String" + }, + { + "doc" : "Template for the Azure Blob Storage blob name of an aggregated upload.
\n Template may contain placeholders for the following variables:\n
    \n
  • ${action}: name of the action (required).
  • \n
  • ${node}: name of the EMQX node conducting the upload (required).
  • \n
  • ${datetime.{format}}: date and time when aggregation started, formatted according to the {format} string (required):\n
      \n
    • ${datetime.rfc3339utc}: RFC3339-formatted date and time in UTC,
    • \n
    • ${datetime.rfc3339}: RFC3339-formatted date and time in local timezone,
    • \n
    • ${datetime.unix}: Unix timestamp.
    • \n
    \n
  • \n
  • ${datetime_until.{format}}: date and time when aggregation ended, with the same formatting options.
  • \n
  • ${sequence}: sequence number of the aggregated upload within the same time interval (required).
  • \n
\n All other placeholders are considered invalid. Note that placeholders marked as required will be added as a path suffix to the Azure Blob Storage blob name if they are missing from the template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-blob", + "text" : "blob", + "type" : "String" + } + ], + "text" : "aggreg_parameters" + }, + { + "doc" : "Set of parameters for the upload action. Action supports templates in Azure Blob Storage container name, blob name and blob content.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters", + "fields" : [ + { + "doc" : "Enables uploading of events to the Azure Blob Storage service as separate objects.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-mode", + "text" : "mode", + "type" : "String(\"direct\")" + }, + { + "doc" : "The name of the Azure Blob Storage container name.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-container", + "text" : "container", + "type" : "String" + }, + { + "doc" : "The name of the Azure Blob Storage blob name.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-blob", + "text" : "blob", + "type" : "String" + }, + { + "doc" : "Content of the Azure Blob Storage blob being uploaded. Supports templates.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-content", + "text" : "content", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "direct_parameters" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(aggreg_parameters),Struct(direct_parameters))" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "azure_blob_storage" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage", + "text" : "azure_blob_storage", + "type" : "Map($name->Struct(azure_blob_storage))" + }, + { + "doc" : "Matrix Action Config", + "refs" : [ + { + "doc" : "Configuration for PostgreSQL Action", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "refs" : [ + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-matrix", + "text" : "matrix", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "IoTDB Action Config", + "refs" : [ + { + "doc" : "Configuration for Apache IoTDB bridge.", + "hash" : "T-actions-S-actions-iotdb-S-action_config", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "IoTDB action parameters", + "refs" : [ + { + "doc" : "IoTDB action parameters", + "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Whether to align the timeseries", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-is_aligned", + "text" : "is_aligned", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The IoTDB device ID this data should be inserted for.\nIf left empty, the MQTT message payload must contain a `device_id` field,\nor EMQX's rule-engine SQL must produce a `device_id` field.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-device_id", + "text" : "device_id", + "type" : "String" + }, + { + "doc" : "IoTDB action parameter data", + "refs" : [ + { + "doc" : "IoTDB action parameter data", + "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data", + "fields" : [ + { + "doc" : "Timestamp. Placeholders in format of ${var} is supported, the final value can be:\n\n- now: use the `now_ms` which is contained in the payload as timestamp\n- now_ms: same as above\n- now_us: use the `now_us` which is contained in the payload as timestamp\n- now_ns: use the `now_ns` which is contained in the payload as timestamp\n- any other: use the value directly as the timestamp", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp", + "text" : "timestamp", + "type" : "OneOf(Enum(now,now_ms,now_ns,now_us),String)", + "default" : "now" + }, + { + "doc" : "Measurement. Placeholders in format of ${var} is supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-measurement", + "text" : "measurement", + "type" : "String" + }, + { + "doc" : "Data Type, an enumerated or a string.\nFor string placeholders in format of ${var} is supported, the final value can be:\n\n- TEXT\n- BOOLEAN\n- INT32\n- INT64\n- FLOAT\n- DOUBLE", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-data_type", + "text" : "data_type", + "type" : "OneOf(Enum(text,boolean,int32,int64,float,double),String)" + }, + { + "doc" : "Value. Placeholders in format of ${var} is supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value", + "text" : "value", + "type" : "String" + } + ], + "text" : "action_parameters_data" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data", + "text" : "data", + "type" : "Array(Struct(action_parameters_data))", + "default" : "[]" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Action Resource Options", + "hash" : "T-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-iotdb", + "text" : "iotdb", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "Kinesis Action Config", + "refs" : [ + { + "doc" : "Configuration for Kinesis Action", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "The template for formatting the outgoing messages. If undefined, will send all the available context in JSON format.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"${.}\"" + }, + { + "doc" : "The Amazon Kinesis Stream to publish messages to.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-stream_name", + "text" : "stream_name", + "type" : "String" + }, + { + "doc" : "The Amazon Kinesis Partition Key associated to published message. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-partition_key", + "text" : "partition_key", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..500)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "kinesis_action" + } + ], + "hash" : "V-actions-S-actions-kinesis", + "text" : "kinesis", + "type" : "Map($name->Struct(kinesis_action))" + }, + { + "doc" : "Kafka Producer Action Config", + "refs" : [ + { + "doc" : "Producer Action", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action", + "fields" : [ + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Kafka.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Kafka producer configs.", + "refs" : [ + { + "doc" : "Kafka producer configs.", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "Kafka topic name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "Template for rendering a message.", + "refs" : [ + { + "doc" : "Template for rendering a message.", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "Template for rendering Kafka message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Kafka's NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + }, + { + "doc" : "Which timestamp to use. The timestamp is expected to be a millisecond precision Unix epoch which can be in string format, e.g. 1661326462115 or '1661326462115'. When the desired data field for this template is not found, or if the found data is not a valid integer, the current system timestamp will be used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-timestamp", + "text" : "timestamp", + "type" : "String", + "default" : "\"${.timestamp}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Maximum bytes to collect in a Kafka message batch. Most of the Kafka brokers default to a limit of 1 MB batch size. EMQX's default value is less than 1 MB in order to compensate Kafka message encoding overheads (especially when each individual message is very small). When a single message is over the limit, it is still sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "Specify the method of compression.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,gzip)", + "default" : "no_compression" + }, + { + "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only,none)", + "default" : "all_isr" + }, + { + "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing.", + "refs" : [ + { + "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing.", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "The time interval for Kafka producer to discover increased number of partitions.\nAfter the number of partitions is increased in Kafka, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. 
However, value above 1 may lead to potential message reordering risks.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down.", + "refs" : [ + { + "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down.", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "kafka_producer_action" + } + ], + "hash" : "V-actions-S-actions-kafka_producer", + "text" : "kafka_producer", + "type" : "Map($name->Struct(kafka_producer_action))" + }, + { + "doc" : "GreptimeDB Action Config", + "refs" : [ + { + "doc" : "Action to interact with a GreptimeDB connector", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Additional parameters specific to this action type", + "refs" : [ + { + "doc" : "Additional parameters specific to this action type", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Conf of GreptimeDB gRPC protocol to write data points. 
Write syntax is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported, which is the same as InfluxDB line protocol.\nSee also [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) and\n[GreptimeDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "GreptimeDB time precision.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "greptimedb_action" + } + ], + "hash" : "V-actions-S-actions-greptimedb", + "text" : "greptimedb", + "type" : "Map($name->Struct(greptimedb_action))" + }, + { + "doc" : "DynamoDB Action Config", + "refs" : [ + { + "doc" : "Configuration for DynamoDB action.", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Template, the default value is empty. When this value is empty the whole message will be stored in the database.
\nThe template can be any valid JSON with placeholders and make sure all keys for table are here, example:
\n {\"id\" : \"${id}\", \"clientid\" : \"${clientid}\", \"data\" : \"${payload.data}\"}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "DynamoDB Hash Key", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-hash_key", + "text" : "hash_key", + "type" : "String" + }, + { + "doc" : "DynamoDB Range Key", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-range_key", + "text" : "range_key", + "type" : "String" + }, + { + "doc" : "DynamoDB Table.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-table", + "text" : "table", + "type" : "String" + }, + { + "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". 
If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "dynamo_action" + } + ], + "hash" : "V-actions-S-actions-dynamo", + "text" : "dynamo", + "type" : "Map($name->Struct(dynamo_action))" + }, + { + "doc" : "Azure Event Hub Actions Config", + "refs" : [ + { + "doc" : "The configuration for an action.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Azure Event Hubs.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Azure Event Hubs producer configs.", + "refs" : [ + { + "doc" : "Azure Event Hubs producer configs.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "Event Hubs name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "Template for rendering a message.", + "refs" : [ + { + "doc" : "Template for rendering a message.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "Template to render Azure Event Hubs message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Azure Event Hubs' NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Maximum bytes to collect in an Azure Event Hubs message batch.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only)", + "default" : "all_isr" + }, + { + "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "Please provide more key-value pairs for Azure Event Hubs headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending to Azure Event Hubs.", + "refs" : [ + { + "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "The time interval for Azure Event Hubs producer to discover increased number of partitions.\nAfter the number of partitions is increased in Azure Event Hubs, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. 
However, value above 1 may lead to potential message reordering risks.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "Configure producer message buffer.\n\nTell Azure Event Hubs producer how to buffer messages when EMQX has more messages to send than Azure Event Hubs can keep up, or when Azure Event Hubs is down.", + "refs" : [ + { + "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the bridge query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer", + "text" : "azure_event_hub_producer", + "type" : "Map($name->Struct(actions))" + }, + { + "doc" : "HStreamDB Action Config", + "refs" : [ + { + "doc" : "Configuration for HStreamDB action.", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configuration.", + "refs" : [ + { + "doc" : "Action specific configuration.", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "HStreamDB Stream Name.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-stream", + "text" : "stream", + "type" : "String" + }, + { + "doc" : "HStreamDB Partition Key. Placeholders supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-partition_key", + "text" : "partition_key", + "type" : "String" + }, + { + "doc" : "Time interval for flushing gRPC calls to the HStreamDB server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-grpc_flush_timeout", + "text" : "grpc_flush_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "The HStream Record template to be forwarded to the HStreamDB. Placeholders supported.
\nNOTE: When you use `raw record` template (which means the data is not a valid JSON), you should use `read` or `subscription` in HStream to get the data.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-record_template", + "text" : "record_template", + "type" : "String", + "default" : "\"${payload}\"" + }, + { + "doc" : "The size of the record aggregation pool. A larger aggregation pool size can lead to enhanced parallelization but may also result in reduced efficiency due to smaller batch sizes.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-aggregation_pool_size", + "text" : "aggregation_pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Maximum number of unconfirmed batches in the flush queue.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-max_batches", + "text" : "max_batches", + "type" : "Integer(1..+inf)", + "default" : "500" + }, + { + "doc" : "The size of the writer pool. A larger pool may increase parallelization and concurrent write operations, potentially boosting throughput. Trade-offs include greater memory consumption and possible resource contention.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-writer_pool_size", + "text" : "writer_pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Maximum number of insert data clauses that can be sent in a single request.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum interval that is allowed between two successive (batch) request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_interval", + "text" : "batch_interval", + "type" : "Duration", + "default" : "\"500ms\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "hstreamdb_action" + } + ], + "hash" : "V-actions-S-actions-hstreamdb", + "text" : "hstreamdb", + "type" : "Map($name->Struct(hstreamdb_action))" + }, + { + "doc" : "Elasticsearch Bridge", + "refs" : [ + { + "doc" : "ElasticSearch Action Configuration", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config", + "fields" : [ + { + "doc" : "ElasticSearch action parameters", + "refs" : [ + { + "doc" : "Adds a JSON document to the specified index and makes it searchable.\nIf the target is an index and the document already exists,\nthe request updates the document and increments its version.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create", + "fields" : [ + { + "doc" : "create", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action", + "text" : "action", + "type" : "String(\"create\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "If true, the request’s actions must target an index alias. Defaults to false", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "Set to false If a document with the specified _id already exists(conflict), the operation will fail.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite", + "text" : "overwrite", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_create" + }, + { + "doc" : "Removes a JSON document from the specified index.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete", + "fields" : [ + { + "doc" : "delete", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action", + "text" : "action", + "type" : "String(\"delete\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_delete" + }, + { + "doc" : "Updates a document using the specified doc.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update", + "fields" : [ + { + "doc" : "update", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action", + "text" : "action", + "type" : "String(\"update\")" + }, + { + "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "Instead of sending a partial doc plus an upsert doc,\nyou can set doc_as_upsert to true to use the contents of doc as the upsert value.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert", + "text" : "doc_as_upsert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "If true, the request’s actions must target an index alias. Defaults to false", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_update" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($action_name->Struct(action_config))" + }, + { + "doc" : "Pulsar Action Config", + "refs" : [ + { + "doc" : "Publish message to Pulsar topic", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Template to render a Pulsar message.", + "refs" : [ + { + "doc" : "Template to render a Pulsar message.", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message", + "fields" : [ + { + "doc" : "Template to render Pulsar message key.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "Template to render Pulsar message value.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "producer_pulsar_message" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message", + "text" : "message", + "type" : "Struct(producer_pulsar_message)" + }, + { + "doc" : "Maximum wait time for receiving a receipt from Pulsar when publishing synchronously.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-sync_timeout", + "text" : "sync_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Pulsar topic name", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-pulsar_topic", + "text" : "pulsar_topic", + "type" : "String" + }, + { + "doc" : "Maximum number of individual requests to batch in a Pulsar message.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Compression method.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,zlib)", + "default" : "no_compression" + }, + { + "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-send_buffer", + "text" : "send_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The amount of time messages will be buffered while there is no connection to\n the Pulsar broker. Longer times mean that more memory/disk will be used", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-retention_period", + "text" : "retention_period", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "Maximum bytes to collect in a Pulsar message batch. Most of the Pulsar brokers\n default to a limit of 5 MB batch size. EMQX's default value is less than 5 MB in\n order to compensate Pulsar message encoding overheads (especially when each individual\n message is very small). When a single message is over the limit, it is still\n sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"900KB\"" + }, + { + "doc" : "Partition strategy is to tell the producer how to dispatch messages to Pulsar partitions.\n\nrandom: Randomly pick a partition for each message.\nroundrobin: Pick each available producer in turn for each message.\nkey_dispatch: Hash Pulsar message key of the first message in a batch\n to a partition number.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-strategy", + "text" : "strategy", + "type" : "Enum(random,roundrobin,key_dispatch)", + "default" : "random" + }, + { + "doc" : "Configure producer message buffer.\"\nTell Pulsar producer how to buffer messages when EMQX has more messages to\"\n send than Pulsar can keep up, or when Pulsar is down.", + "refs" : [ + { + "doc" : "Configure producer message buffer.\"\nTell Pulsar producer how to buffer messages when EMQX has more messages to\"\n send than Pulsar can keep up, or when Pulsar is down.", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "Message buffer mode.\nmemory: Buffer all messages in memory. 
The messages will be lost\n in case of EMQX node restart\\ndisk: Buffer all messages on disk.\n The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit\n (see segment_bytes config for more information), then start offloading\n messages to disk, Like memory mode, the messages will be lost in\n case of EMQX node restart.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "Number of bytes allowed to buffer for each Pulsar partition.\n When this limit is exceeded, old messages will be dropped in a trade for credits\n for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis value is to specify the size of each on-disk buffer file.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"100MB\"" + }, + { + "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure.\nThe high memory threshold is defined in config sysmon.os.sysmem_high_watermark.\n NOTE: This config only works on Linux.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : 
"T-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Deprecated since 5.8.1.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "publisher_action" + } + ], + "hash" : "V-actions-S-actions-pulsar", + "text" : "pulsar", + "type" : "Map($name->Struct(publisher_action))" + }, + { + "doc" : "GCP PubSub Producer Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "The template for formatting the outgoing message attributes. Undefined values will be rendered as empty string values. Empty keys are removed from the attribute map.", + "refs" : [ + { + "doc" : "Key-value pair.", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair", + "fields" : [ + { + "doc" : "Key
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "Value
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-value", + "text" : "value", + "type" : "String" + } + ], + "text" : "key_value_pair" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template", + "text" : "attributes_template", + "type" : "Array(Struct(key_value_pair))", + "default" : "[]" + }, + { + "doc" : "The template for formatting the outgoing message ordering key. Undefined values will be rendered as empty string values. This value will not be added to the message if it's empty.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-ordering_key_template", + "text" : "ordering_key_template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The template for formatting the outgoing messages. If undefined, will send all the available context in JSON format.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The GCP PubSub topic to publish messages to.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-pubsub_topic", + "text" : "pubsub_topic", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. 
Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "producer_action" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer", + "text" : "gcp_pubsub_producer", + "type" : "Map($name->Struct(producer_action))" + }, + { + "doc" : "PostgreSQL Action Config", + "refs" : [ + { + "doc" : "Configuration for PostgreSQL Action", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "refs" : [ + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-pgsql", + "text" : "pgsql", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "OpenTSDB Action Config", + "refs" : [ + { + "doc" : "Configuration for an OpenTSDB bridge.", + "hash" : "T-actions-S-actions-opents-S-action_config", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-opents-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "OpenTSDB action parameters", + "refs" : [ + { + "doc" : "OpenTSDB action parameters", + "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "OpenTSDB action parameter data", + "refs" : [ + { + "doc" : "OpenTSDB action parameter data", + "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data", + "fields" : [ + { + "doc" : "Timestamp. Placeholders in the format of ${var} are supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp", + "text" : "timestamp", + "type" : "String" + }, + { + "doc" : "Metric. Placeholders in the format of ${var} are supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-metric", + "text" : "metric", + "type" : "String" + }, + { + "doc" : "Tags. Only supports with placeholder to extract tags from a variable or a tags map", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-tags", + "text" : "tags", + "type" : "OneOf(Map,String)" + }, + { + "doc" : "Value. Placeholders in the format of ${var} are supported", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value", + "text" : "value", + "type" : "OneOf(Integer,Float,String)" + } + ], + "text" : "action_parameters_data" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data", + "text" : "data", + "type" : "Array(Struct(action_parameters_data))", + "default" : "[]" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-opents-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-opents-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-opents-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : 
"T-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-opents", + "text" : "opents", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "S3 Upload Action Config", + "refs" : [ + { + "doc" : "Action that takes incoming events and uploads them to the S3 API compatible service.", + "hash" : "T-actions-S-actions-s3-S-s3", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). 
If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-s3-S-s3-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action that takes incoming events and uploads them to the S3 API compatible service.", + "refs" : [ + { + "doc" : "Set of parameters for the aggregated upload action.", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters", + "fields" : [ + { + "doc" : "Enables time-based aggregation of incoming events and uploading them to the S3 service as a single object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "Settings governing the file format of an upload containing aggregated events.", + "refs" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv", + "fields" : [ + { + "doc" : "Records (events) will be aggregated and uploaded as a CSV file.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "s3_aggregated_container_csv" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container", + "text" : "container", + "type" : "OneOf(Struct(s3_aggregated_container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "Set of parameters governing the aggregation process.", + "refs" : [ + { + "doc" : "Set of parameters governing the aggregation process.", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation", + "fields" : [ + { + "doc" : "Amount of time events will be aggregated in a single object before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"30m\"" + }, + { + "doc" : "Number of records (events) allowed per each aggregated object. Each aggregated upload will contain no more than that number of events, but may contain less.
\nIf event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of S3 object key.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "\"100000\"" + } + ], + "text" : "s3_aggregation" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(s3_aggregation)" + }, + { + "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "Template for the S3 object key of an aggregated upload.
\nTemplate may contain placeholders for the following variables:\n
    \n
  • ${action}: name of the action (required).
  • \n
  • ${node}: name of the EMQX node conducting the upload (required).
  • \n
  • ${datetime.{format}}: date and time when aggregation started, formatted according to the {format} string (required):\n
      \n
    • ${datetime.rfc3339utc}: RFC3339-formatted date and time in UTC,
    • \n
    • ${datetime.rfc3339}: RFC3339-formatted date and time in local timezone,
    • \n
    • ${datetime.unix}: Unix timestamp.
    • \n
    \n
  • \n
  • ${datetime_until.{format}}: date and time when aggregation ended, with the same formatting options.
  • \n
  • ${sequence}: sequence number of the aggregated upload within the same time interval (required).
  • \n
\nAll other placeholders are considered invalid. Note that placeholders marked as required will be added as a path suffix to the S3 object key if they are missing from the template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "The ACL to use for the uploaded objects.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + }, + { + "doc" : "HTTP headers to include in the S3 object upload request.
\nUseful to specify content type, content encoding, etc. of the S3 object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "The minimum part size for multipart uploads.
\nUploaded data will be accumulated in memory until this size is reached.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-min_part_size", + "text" : "min_part_size", + "type" : "Bytesize", + "default" : "\"5mb\"" + }, + { + "doc" : "The maximum part size for multipart uploads.
\nS3 uploader won't try to upload parts larger than this size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-max_part_size", + "text" : "max_part_size", + "type" : "Bytesize", + "default" : "\"5gb\"" + } + ], + "text" : "s3_aggregated_upload_parameters" + }, + { + "doc" : "Set of parameters for the upload action. Action supports templates in S3 bucket name, object key and object content.", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters", + "fields" : [ + { + "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "Key of the S3 object.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "The ACL to use for the uploaded objects.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + }, + { + "doc" : "HTTP headers to include in the S3 object upload request.
\nUseful to specify content type, content encoding, etc. of the S3 object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Enables uploading of events to the S3 service as separate objects.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-mode", + "text" : "mode", + "type" : "String(\"direct\")", + "default" : "direct" + }, + { + "doc" : "Content of the S3 object being uploaded. Supports templates.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-content", + "text" : "content", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "s3_direct_upload_parameters" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(s3_aggregated_upload_parameters),Struct(s3_direct_upload_parameters))" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-s3-S-s3-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-s3-S-s3-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-s3-S-s3-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "s3_upload_resource_opts" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts", + "text" : "resource_opts", + "type" : "Struct(s3_upload_resource_opts)", + "default" : "{}" + } + ], + "text" : "s3" + } + ], + "hash" : "V-actions-S-actions-s3", + "text" : "s3", + "type" : "Map($name->Struct(s3))" + }, + { + "doc" : "Timescale Action Config", + "refs" : [ + { + "doc" : "Configuration for PostgreSQL Action", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "refs" : [ + { + "doc" : "Configuration Parameters Specific to the PostgreSQL Action", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-timescale", + "text" : "timescale", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "TDengine Action Config", + "refs" : [ + { + "doc" : "Configuration for a TDengine bridge.", + "hash" : "T-actions-S-actions-tdengine-S-action_config", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "TDengine action parameters", + "refs" : [ + { + "doc" : "TDengine action parameters", + "hash" : "T-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Database name.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})\"" + }, + { + "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : 
"T-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-tdengine", + "text" : "tdengine", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "HTTP Action Config", + "refs" : [ + { + "doc" : "Configuration for an HTTP action.", + "hash" : "T-actions-S-actions-http-S-http_action", + "fields" : [ + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-http-S-http_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-http-S-http_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-http-S-http_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "The parameters for HTTP action.", + "refs" : [ + { + "doc" : "The parameters for HTTP action.", + "hash" : "T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts", + "fields" : [ + { + "doc" : "The URL path for this Action.
\nThis path will be appended to the Connector's url configuration to form the full\nURL address.\nTemplate with variables is allowed in this option. For example, /room/{$room_no}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "The method of the HTTP request. All the available methods are: post, put, get, delete.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method", + "text" : "method", + "type" : "Enum(post,put,get,delete)", + "default" : "post" + }, + { + "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "The body of the HTTP request.
\nIf not provided, the body will be a JSON object of all the available fields.
\nThere, 'all the available fields' means the context of a MQTT message when\nthis webhook is triggered by receiving a MQTT message (the `local_topic` is set),\nor the context of the event when this webhook is triggered by a rule (i.e. this\nwebhook is used as an action of a rule).
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP request max retry times if failed.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since v5.0.26.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "parameters_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-parameters", + "text" : "parameters", + "type" : "Struct(parameters_opts)" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "http_action" + } + ], + "hash" : "V-actions-S-actions-http", + "aliases" : [ + "webhook" + ], + "text" : "http", + "type" : "Map($name->Struct(http_action))" + }, + { + "doc" : "Action to interact with a MySQL connector", + "refs" : [ + { + "doc" : "Action to interact with a MySQL connector", + "hash" : "T-actions-S-actions-mysql-S-mysql_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Additional parameters specific to this action type", + "refs" : [ + { + "doc" : "Additional parameters specific to this action type", + "hash" : "T-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\"" + }, + { + "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts", + "fields" : [ 
+ { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mysql_action" + } + ], + "hash" : "V-actions-S-actions-mysql", + "text" : "mysql", + "type" : "Map($name->Struct(mysql_action))" + }, + { + "doc" : "Cassandra Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "CQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters-cql", + "text" : "cql", + "type" : "String", + "default" : "\"insert into mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, ${timestamp})\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "cassandra_action" + } + ], + "hash" : "V-actions-S-actions-cassandra", + "text" : "cassandra", + "type" : "Map($name->Struct(cassandra_action))" + }, + { + "doc" : "ClickHouse Action Config", + "refs" : [ + { + "doc" : "Action configs.", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Action specific configs.", + "refs" : [ + { + "doc" : "Action specific configs.", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "The template string can contain ${field} placeholders for message metadata and payload field. Make sure that the inserted values are formatted and escaped correctly. [Prepared Statement](https://docs.emqx.com/en/enterprise/v5.0/data-integration/data-bridges.html#Prepared-Statement) is not supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})\"" + }, + { + "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The default value ',' works for the VALUES format. You can also use other separator if other format is specified. 
See [INSERT INTO Statement](https://clickhouse.com/docs/en/sql-reference/statements/insert-into).", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-batch_value_separator", + "text" : "batch_value_separator", + "type" : "String", + "default" : "\", \"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "clickhouse_action" + } + ], + "hash" : "V-actions-S-actions-clickhouse", + "text" : "clickhouse", + "type" : "Map($name->Struct(clickhouse_action))" + }, + { + "doc" : "InfluxDB Action Config", + "refs" : [ + { + "doc" : "Action to interact with a InfluxDB connector", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Additional parameters specific to this action type", + "refs" : [ + { + "doc" : "Additional parameters specific to this action type", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "Conf of InfluxDB line protocol to write data points. 
It is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported.\nSee also [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) and\n[InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "InfluxDB time precision.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Maximum batch count. 
If equal to 1, there's effectively no batching.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "influxdb_action" + } + ], + "hash" : "V-actions-S-actions-influxdb", + "text" : "influxdb", + "type" : "Map($name->Struct(influxdb_action))" + }, + { + "doc" : "Confluent Actions Config", + "refs" : [ + { + "doc" : "The configuration for an action.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions", + "fields" : [ + { + "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Confluent.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Confluent producer configs.", + "refs" : [ + { + "doc" : "Confluent producer configs.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "Kafka topic name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "Template for rendering a message.", + "refs" : [ + { + "doc" : "Template for rendering a message.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "Template to render Confluent message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Confluent's NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Maximum bytes to collect in a Confluent message batch. Most of the Kafka brokers default to a limit of 1 MB batch size. EMQX's default value is less than 1 MB in order to compensate Kafka message encoding overheads (especially when each individual message is very small). When a single message is over the limit, it is still sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "Specify the method of compression.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,gzip)", + "default" : "no_compression" + }, + { + "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only,none)", + "default" : "all_isr" + }, + { + "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "Please provide more key-value pairs for Confluent headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending to Confluent.", + "refs" : [ + { + "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "The time interval for Confluent producer to discover increased number of partitions.\nAfter the number of partitions is increased in Confluent, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. 
However, value above 1 may lead to potential message reordering risks.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "Configure producer message buffer.\n\nTell Confluent producer how to buffer messages when EMQX has more messages to send than Confluent can keep up, or when Confluent is down.", + "refs" : [ + { + "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "Query mode. Optional 'sync/async', default 'async'.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the action query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions-S-actions-confluent_producer", + "text" : "confluent_producer", + "type" : "Map($name->Struct(actions))" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions", + "text" : "actions", + "type" : "Struct(actions)" + }, + { + "refs" : [ + { + "doc" : "Configuration for sources.", + "hash" : "T-sources-S-sources", + "fields" : [ + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "Source configs.", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source", + 
"fields" : [ + { + "doc" : "The source config defines how this bridge receive messages from the remote RabbitMQ broker", + "refs" : [ + { + "doc" : "The source config defines how this bridge receive messages from the remote RabbitMQ broker", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "The queue name of the RabbitMQ broker.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-queue", + "text" : "queue", + "type" : "String" + }, + { + "doc" : "A boolean value that indicates whether to wait for RabbitMQ to confirm message publication when using publisher confirms.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-wait_for_publish_confirmations", + "text" : "wait_for_publish_confirmations", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to use no_ack mode when consuming messages from the RabbitMQ broker.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-no_ack", + "text" : "no_ack", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" 
: "Resource options.", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "subscriber_source" + } + ], + "hash" : "V-sources-S-sources-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(subscriber_source))" + }, + { + "doc" : "GCP PubSub Consumer Source Config", + "refs" : [ + { + "doc" : "Source configs.", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source", + "fields" : [ + { + "doc" : "Source configs.", + "refs" : [ + { + "doc" : "Source specific configs.", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "The GCP PubSub topic to publish messages to.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "The maximum number of messages to retrieve from GCP PubSub in a single pull request. 
The actual number may be less than the specified value.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-pull_max_messages", + "text" : "pull_max_messages", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "consumer_source" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer", + "text" : "gcp_pubsub_consumer", + "type" : "Map($name->Struct(consumer_source))" + }, + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "Source configs.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source", + "fields" : [ + { + "refs" : [ + { + "doc" : "Source specific configs.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters", + "fields" : [ + { + "doc" : "Receive messages from which topic of 
the remote broker", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "The QoS level to be used when subscribing to the remote broker", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "1" + } + ], + "text" : "ingress_parameters" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters", + "text" : "parameters", + "type" : "Struct(ingress_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Creation options.", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_subscriber_source" + } + ], + "hash" : "V-sources-S-sources-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_subscriber_source))" + }, + { + "doc" : "Kafka Consumer Source Config", + "refs" : [ + { + "doc" : "Source configs.", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source", + "fields" : [ + { + "doc" : "Source configs.", + "refs" : [ + { + "doc" : "Source specific configs.", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "Kafka topic to consume from.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "Consumer group identifier to be used for this source. 
If omitted, one based off the source name will be automatically generated.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-group_id", + "text" : "group_id", + "type" : "String" + }, + { + "doc" : "Maximum amount of time that is waited for the Kafka broker to send a fetch response.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_wait_time", + "text" : "max_wait_time", + "type" : "Duration", + "default" : "\"1s\"" + }, + { + "doc" : "Set how many bytes to pull from Kafka in each fetch request.\nMessages are fetched in batches by the consumer, and if the first record batch in the first non-empty\npartition of the fetch is larger than this value, the record batch will still be returned to ensure\nthat the consumer can make progress. As such, this is not an absolute maximum. Set `1` for minimal latency.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "Defines from which offset a consumer should start fetching when there is no commit history or when the commit history becomes invalid.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_reset_policy", + "text" : "offset_reset_policy", + "type" : "Enum(latest,earliest)", + "default" : "latest" + }, + { + "doc" : "Defines the time interval between two offset commit requests sent for each consumer group.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_commit_interval_seconds", + "text" : "offset_commit_interval_seconds", + "type" : "Duration(s)", + "default" : "\"5s\"" + }, + { + "doc" : "Defines how the key from the Kafka message is encoded before being forwarded via MQTT.\nnone Uses the key from the Kafka message unchanged. Note: in this case, the key must be a valid UTF-8 string.\nbase64 Uses base-64 encoding on the received key.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-key_encoding_mode", + "text" : "key_encoding_mode", + "type" : "Enum(none,base64)", + "default" : "none" + }, + { + "doc" : "Defines how the value from the Kafka message is encoded before being forwarded via MQTT.\nnone Uses the value from the Kafka message unchanged. 
Note: in this case, the value must be a valid UTF-8 string.\nbase64 Uses base-64 encoding on the received value.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-value_encoding_mode", + "text" : "value_encoding_mode", + "type" : "Enum(none,base64)", + "default" : "none" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "Name of the connector specified by the action, used for external resource selection.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "Tags to annotate this config entry.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "Descriptive text.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Resource options.", + "refs" : [ + { + "doc" : "Resource options.", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "consumer_source" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer", + "text" : "kafka_consumer", + "type" : "Map($name->Struct(consumer_source))" + } + ], + "text" : "sources" + } + ], + "hash" : "V-sources", + "text" : "sources", + "type" : "Struct(sources)" + }, + { + "refs" : [ + { + "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1.", + "hash" : "T-retainer-S-retainer", + "fields" : [ + { + "doc" : "Expired retained messages will not be delivered again, and a setting of 0 means that retained messages will never expire.\n\nHowever, if the `Message-Expiry-Interval` property is specified in the MQTT message, the value of that property prevails.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval", + "text" : "msg_expiry_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval_override", + "text" : "msg_expiry_interval_override", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set.", + "hash" : "V-retainer-S-retainer-allow_never_expire", + "text" : "allow_never_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The time interval for checking and clearing expired retained messages. 
This can prevent expired retained messages from being stored for a long time.\n\nIf `msg_clear_interval` is set to 0, that is, expired retained messages are not actively checked regularly, EMQX will only check and delete expired retained messages when preparing for delivery.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-retainer-S-retainer-msg_clear_interval", + "text" : "msg_clear_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "The maximum size of retained messages allowed to be stored. EMQX will refuse to store retained messages larger than this size and output an Error log with the keyword 'retain_failed_for_payload_size_exceeded_limit'.\n\n0 means unlimited retained message size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-retainer-S-retainer-max_payload_size", + "text" : "max_payload_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "When the retained flag of the `PUBLISH` message is set and Payload is empty,\nwhether to continue to publish the message.\nSee:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038", + "hash" : "V-retainer-S-retainer-stop_publish_clear_msg", + "text" : "stop_publish_clear_msg", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The maximum rate of delivering retained messages", + "hash" : "V-retainer-S-retainer-delivery_rate", + "aliases" : [ + "deliver_rate" + ], + "text" : "delivery_rate", + "type" : "String", + "default" : "\"1000/s\"" + }, + { + "doc" : "Settings for the database storing the retained messages.", + "refs" : [ + { + "doc" : "Configuration of the internal database storing retained messages.", + "hash" : "T-retainer-S-retainer-backend-S-mnesia_config", + "fields" : [ + { + "doc" : "Backend type.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type", + "text" : "type", + "type" : "String(\"built_in_database\")", + "default" : "built_in_database" + }, + { + "doc" : "Specifies whether the messages are stored in RAM or persisted on disc.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type", + "text" : "storage_type", + "type" : "Enum(ram,disc)", + "default" : "ram" + }, + { + "doc" : "Maximum number of retained messages. 0 means no limit.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages", + "text" : "max_retained_messages", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. 
Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs", + "text" : "index_specs", + "type" : "Array(Integer)", + "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]" + } + ], + "text" : "mnesia_config" + } + ], + "hash" : "V-retainer-S-retainer-backend", + "text" : "backend", + "type" : "Struct(mnesia_config)" + } + ], + "text" : "retainer" + } + ], + "hash" : "V-retainer", + "text" : "retainer", + "type" : "Struct(retainer)" + }, + { + "refs" : [ + { + "doc" : "Settings for the delayed module.", + "hash" : "T-delayed-S-delayed", + "fields" : [ + { + "doc" : "Maximum number of delayed messages (0 is no limit).", + "hash" : "V-delayed-S-delayed-max_delayed_messages", + "text" : "max_delayed_messages", + "type" : "Integer", + "default" : "0" + } + ], + "text" : "delayed" + } + ], + "hash" : "V-delayed", + "text" : "delayed", + "type" : "Struct(delayed)" + }, + { + "refs" : [ + { + "doc" : "Manage EMQX plugins.
\nPlugins can be pre-built as a part of EMQX package,\nor installed as a standalone package in a location specified by\ninstall_dir config key
\nThe standalone-installed plugins are referred to as 'external' plugins.", + "hash" : "T-plugins-S-plugins", + "fields" : [ + { + "doc" : "An array of plugins in the desired states.
\nThe plugins are started in the defined order", + "refs" : [ + { + "doc" : "A per-plugin config to describe the desired state of the plugin.", + "hash" : "T-plugins-S-plugins-states-S-state", + "fields" : [ + { + "doc" : "The `{name}-{version}` of the plugin.
\nIt should match the plugin application name-version as plugin release package name
\nFor example: `my_plugin-0.1.0`.", + "hash" : "V-plugins-S-plugins-states-S-state-name_vsn", + "text" : "name_vsn", + "type" : "String" + } + ], + "text" : "state" + } + ], + "hash" : "V-plugins-S-plugins-states", + "text" : "states", + "type" : "Array(Struct(state))", + "default" : "[]" + }, + { + "doc" : "The installation directory for the external plugins.\nThe plugin beam files and configuration files should reside in\nthe subdirectory named as emqx_foo_bar-0.1.0.\n
\nNOTE: For security reasons, this directory should **NOT** be writable\nby anyone except emqx (or any user which runs EMQX).", + "hash" : "V-plugins-S-plugins-install_dir", + "text" : "install_dir", + "type" : "String", + "default" : "plugins" + }, + { + "doc" : "Deprecated since 5.0.24.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-plugins-S-plugins-check_interval", + "text" : "check_interval", + "type" : "Duration" + } + ], + "text" : "plugins" + } + ], + "hash" : "V-plugins", + "text" : "plugins", + "type" : "Struct(plugins)" + }, + { + "refs" : [ + { + "doc" : "Configuration for EMQX dashboard.", + "hash" : "T-dashboard-S-dashboard", + "fields" : [ + { + "doc" : "HTTP(s) listeners are identified by their protocol type and are\nused to serve dashboard UI and restful HTTP API.\nListeners must have a unique combination of port number and IP address.\nFor example, an HTTP listener can listen on all configured IP addresses\non a given port for a machine by specifying the IP address 0.0.0.0.\nAlternatively, the HTTP listener can specify a unique IP address for each listener,\nbut use the same port.", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener.", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener (plaintext).", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http", + "fields" : [ + { + "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. 
`18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "Defines the maximum length that the queue of pending connections can grow to.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Enable IPv6 support, default is false, which means IPv4 only.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "http" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http", + "text" : "http", + "type" : "Struct(http)" + }, + { + "doc" : "SSL listeners", + "refs" : [ + { + "doc" : "Configuration for the dashboard listener (TLS).", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https", + "fields" : [ + { + "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. 
`18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "SSL/TLS options for the dashboard listener.", + "refs" : [ + { + "doc" : "SSL/TLS options for the dashboard listener.", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_options" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_options)" + }, + { + "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "Defines the maximum length that the queue of pending connections can grow to.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Enable IPv6 support, default is false, which means IPv4 only.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable support for `HAProxy` header. 
Be aware once enabled regular HTTP requests can't be handled anymore.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "https" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https", + "text" : "https", + "type" : "Struct(https)" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "The password used to initialize a database record for `admin` user.\nNOTE: Changing the default password after it has been initialized (boot up for the fist time) has no effect.\nOnce initialized, the default password `public` must be changed from dashboard or CLI as soon as possible.", + "hash" : "V-dashboard-S-dashboard-default_password", + "text" : "default_password", + "type" : "String", + "default" : "public" + }, + { + "doc" : "JWT token expiration time. Default is 60 minutes
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-token_expired_time", + "text" : "token_expired_time", + "type" : "Duration", + "default" : "\"60m\"" + }, + { + "doc" : "Support Cross-Origin Resource Sharing (CORS).\nAllows a server to indicate any origins (domain, scheme, or port) other than\nits own from which a browser should permit loading resources.", + "hash" : "V-dashboard-S-dashboard-cors", + "text" : "cors", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Enable or disable support for swagger API documentation.", + "hash" : "V-dashboard-S-dashboard-swagger_support", + "text" : "swagger_support", + "type" : "Boolean", + "default" : "true" + }, + { + "refs" : [ + { + "doc" : "Dashboard Single Sign-On", + "hash" : "T-dashboard-S-dashboard-sso-S-sso", + "fields" : [ + { + "refs" : [ + { + "doc" : "LDAP", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap", + "fields" : [ + { + "doc" : "Whether to enable this backend.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Backend type.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-backend", + "text" : "backend", + "type" : "Enum(ldap)" + }, + { + "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "The filter for matching users in LDAP is by default `(&(objectClass=person)(uid=${username}))`. For Active Directory, it should be set to `(&(objectClass=user)(sAMAccountName=${username}))` by default. Please refer to [LDAP Filters](https://ldap.com/ldap-filters/) for more details.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(& (objectClass=person) (uid=${username}))\"" + }, + { + "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "SSL connection settings.", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap", + "text" : "ldap", + "type" : "Struct(ldap)" + }, + { + "refs" : [ + { + "doc" : "OIDC", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc", + "fields" : [ + { + "doc" : "Whether to enable this backend.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Backend type.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-backend", + "text" : "backend", + "type" : "Enum(oidc)" + }, + { + "doc" : "The URL of the OIDC issuer.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-issuer", + "text" : "issuer", + "type" : "String" + }, + { + "doc" : "The clientId for this backend.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-clientid", + "text" : "clientid", + "type" : "String" + }, + { + "doc" : "The client secret.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-secret", + "text" : "secret", + "type" : "Secret" + }, + { + "doc" : "The scopes, its default value is `[\"openid\"]`.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-scopes", + "text" : "scopes", + "type" : "Array(String)", + "default" : "[openid]" + }, + { + "doc" : "A template to map OIDC user information to a Dashboard name, its default value is `${sub}`.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-name_var", + "text" : "name_var", + "type" : "String", + "default" : "\"${sub}\"" + }, + { + "doc" : "The address of the EMQX Dashboard.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-dashboard_addr", + "text" : "dashboard_addr", + "type" : "String", + "default" : "\"http://127.0.0.1:18083\"" + }, + { + "doc" : "The valid time span for an OIDC `state`, the default is `30s`, if the code response returned by the authorization server exceeds this time span, it will be treated as invalid.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-session_expiry", + "text" : "session_expiry", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "Whether to require PKCE when getting the token.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-require_pkce", + "text" : "require_pkce", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Set the valid authentication methods and their priority.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-preferred_auth_methods", + "text" : "preferred_auth_methods", + "type" : "Array(Enum(private_key_jwt,client_secret_jwt,client_secret_post,client_secret_basic,none))", + "default" : "[client_secret_post, client_secret_basic, none]" + }, + { + "doc" : "The OIDC provider.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-provider", + "text" : "provider", + "type" : "Enum(okta,generic)", + "default" : "generic" + }, + { + "doc" : "Some providers do not provide all the method items in the provider configuration, set this value as a fallback for those items.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-fallback_methods", + "text" : "fallback_methods", + "type" : "Array(String)", + "default" : "[RS256]" + }, + { + "doc" : "Set JWK or JWKS here to enable the `private_key_jwt` authorization or the `DPoP` extension.", + "refs" : [ + { + "doc" : "Set JWKS from file.", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks", + "fields" : [ + { + "doc" : "The JWKS source 
type.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-type", + "text" : "type", + "type" : "Enum(file)" + }, + { + "doc" : "The content of the JWKS.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-file", + "text" : "file", + "type" : "String" + } + ], + "text" : "client_file_jwks" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks", + "text" : "client_jwks", + "type" : "OneOf(String(\"none\"),Struct(client_file_jwks))", + "default" : "none" + } + ], + "text" : "oidc" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc", + "text" : "oidc", + "type" : "Struct(oidc)" + }, + { + "refs" : [ + { + "doc" : "saml", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-saml-S-saml", + "fields" : [ + { + "doc" : "Whether to enable this backend.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Backend type.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-backend", + "text" : "backend", + "type" : "Enum(saml)" + }, + { + "doc" : "The address of the EMQX Dashboard.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-dashboard_addr", + "text" : "dashboard_addr", + "type" : "String", + "default" : "\"https://127.0.0.1:18083\"" + }, + { + "doc" : "The URL of the IdP metadata.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-idp_metadata_url", + "text" : "idp_metadata_url", + "type" : "String", + "default" : "\"https://idp.example.com\"" + }, + { + "doc" : "Whether to sign the SAML request.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_sign_request", + "text" : "sp_sign_request", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The public key of the SP.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_public_key", + "text" : "sp_public_key", + "type" : "String", + "default" : "\"Pub Key\"" + 
}, + { + "doc" : "The private key of the SP.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_private_key", + "text" : "sp_private_key", + "type" : "String" + } + ], + "text" : "saml" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml", + "text" : "saml", + "type" : "Struct(saml)" + } + ], + "text" : "sso" + } + ], + "hash" : "V-dashboard-S-dashboard-sso", + "text" : "sso", + "type" : "Struct(sso)" + } + ], + "text" : "dashboard" + } + ], + "hash" : "V-dashboard", + "text" : "dashboard", + "type" : "Struct(dashboard)" + }, + { + "refs" : [ + { + "doc" : "EMQX Gateway configuration root.", + "hash" : "T-gateway-S-gateway", + "fields" : [ + { + "refs" : [ + { + "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format.", + "hash" : "T-gateway-S-gateway-coap-S-coap", + "fields" : [ + { + "doc" : "The gateway server required minimum heartbeat interval.\nWhen connection mode is enabled, this parameter is used to set the minimum heartbeat interval for the connection to be alive
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat", + "text" : "heartbeat", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "Enable or disable connection mode.\nConnection mode is a feature of non-standard protocols. When connection mode is enabled, it is necessary to maintain the creation, authentication and alive of connection resources", + "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required", + "text" : "connection_required", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The Notification Message will be delivered to the CoAP client if a new message received on an observed topic.\nThe type of delivered coap message can be set to:
\n - non: Non-confirmable;
\n - con: Confirmable;
\n - qos: Mapping from QoS type of received message, QoS0 -> non, QoS1,2 -> con", + "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type", + "text" : "notify_type", + "type" : "Enum(non,con,qos)", + "default" : "qos" + }, + { + "doc" : "The Default QoS Level indicator for subscribe request.\nThis option specifies the QoS level for the CoAP Client when establishing a subscription membership, if the subscribe request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of subscribe request
\n * qos0: If the subscribe request is non-confirmable
\n * qos1: If the subscribe request is confirmable", + "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos", + "text" : "subscribe_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "The Default QoS Level indicator for publish request.\nThis option specifies the QoS level for the CoAP Client when publishing a message to EMQX PUB/SUB system, if the publish request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of publish request
\n * qos0: If the publish request is non-confirmable
\n * qos1: If the publish request is confirmable", + "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos", + "text" : "publish_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", 
+ "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe 
prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : 
"T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint 
string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of the client connection 
process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "coap" + } + ], + "hash" : "V-gateway-S-gateway-coap", + "text" : "coap", + "type" : "Struct(coap)" + }, + { + "refs" : [ + { + "doc" : "Settings for EMQX extension protocol (exproto).", + "hash" : "T-gateway-S-gateway-exproto-S-exproto", + "fields" : [ + { + "doc" : "Configurations for starting the ConnectionAdapter service", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC server.", + "hash" : 
"T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server", + "fields" : [ + { + "doc" : "Listening address and port for the gRPC server.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "SSL configuration for the gRPC server.", + "refs" : [ + { + "doc" : "SSL configuration for the server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_server_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_server_opts)" + } + ], + "text" : "exproto_grpc_server" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server", + "text" : "server", + "type" : "Struct(exproto_grpc_server)" + }, + { + "doc" : "Configurations for request to ConnectionHandler service", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC connection handler.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler", + "fields" : [ + { + "doc" : "gRPC server address.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address", + "text" : "address", + "type" : "String" + }, + { + "doc" : "The service name to handle the connection events.\nIn the initial version, we expected to use streams to improve the efficiency\nof requests in `ConnectionHandler`. But unfortunately, events between different\nstreams are out of order. 
It causes the `OnSocketCreated` event to may arrive\nlater than `OnReceivedBytes`.\nSo we added the `ConnectionUnaryHandler` service since v5.0.25 and forced\nthe use of Unary in it to avoid ordering problems.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name", + "text" : "service_name", + "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))", + "default" : "ConnectionUnaryHandler" + }, + { + "doc" : "SSL configuration for the gRPC client.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "exproto_grpc_handler" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler", + "text" : "handler", + "type" : "Struct(exproto_grpc_handler)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for TCP and UDP listeners.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : 
"none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the 
subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : 
"none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the 
subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage 
collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. 
Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is 
healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing 
or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + 
"refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : 
"When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the 
process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. 
Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "tcp_udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners", + "text" : "listeners", + "type" : "Struct(tcp_udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : 
"true" + }, + { + "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "exproto" + } + ], + "hash" : "V-gateway-S-gateway-exproto", + "text" : "exproto", + "type" : "Struct(exproto)" + }, + { + "refs" : [ + { + "doc" : "The GBT-32960 gateway", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960", + "fields" : [ + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from 
the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"gbt32960/${clientid}/\"" + }, + { + "doc" : "Re-send time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-retry_interval", + "text" : "retry_interval", + "type" : "Duration", + "default" : "\"8s\"" + }, + { + "doc" : "Re-send max times", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-max_retry_times", + "text" : "max_retry_times", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "Max message queue length", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-message_queue_len", + "text" : "message_queue_len", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } 
+ ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe 
mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } 
+ ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe 
mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection 
on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. 
Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + 
"default" : "true" + }, + { + "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "gbt32960" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960", + "text" : "gbt32960", + "type" : "Struct(gbt32960)" + }, + { + "refs" : [ + { + "doc" : "The JT/T 808 protocol gateway provides EMQX with the ability to access JT/T 808 protocol devices.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808", + "fields" : [ + { + "refs" : [ + { + "doc" : "Limits for the 
JT/T 808 frames.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame", + "fields" : [ + { + "doc" : "The maximum length of the JT/T 808 frame.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame-max_length", + "text" : "max_length", + "type" : "Integer(0..+inf)", + "default" : "8192" + } + ], + "text" : "jt808_frame" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame", + "text" : "frame", + "type" : "Struct(jt808_frame)" + }, + { + "refs" : [ + { + "doc" : "The JT/T 808 protocol options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto", + "fields" : [ + { + "doc" : "Authentication settings of the JT/T 808 Gateway.", + "refs" : [ + { + "doc" : "Allow anonymous access to the JT/T 808 Gateway.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true", + "fields" : [ + { + "doc" : "Allow anonymous access to the JT/T 808 Gateway.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-allow_anonymous", + "text" : "allow_anonymous", + "type" : "OneOf(String(\"true\"))" + }, + { + "doc" : "The JT/T 808 device registry central URL.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-registry", + "text" : "registry", + "type" : "String" + }, + { + "doc" : "The JT/T 808 device authentication central URL.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-authentication", + "text" : "authentication", + "type" : "String" + } + ], + "text" : "anonymous_true" + }, + { + "doc" : "Allow anonymous access to the JT/T 808 Gateway.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false", + "fields" : [ + { + "doc" : "Allow anonymous access to the JT/T 808 Gateway.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-allow_anonymous", + "text" : "allow_anonymous", + "type" : "OneOf(String(\"false\"))" + }, + { 
+ "doc" : "The JT/T 808 device registry central URL.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-registry", + "text" : "registry", + "type" : "String" + }, + { + "doc" : "The JT/T 808 device authentication central URL.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-authentication", + "text" : "authentication", + "type" : "String" + } + ], + "text" : "anonymous_false" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth", + "text" : "auth", + "type" : "OneOf(Struct(anonymous_true),Struct(anonymous_false))" + }, + { + "doc" : "The topic of the JT/T 808 protocol upstream message.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-up_topic", + "text" : "up_topic", + "type" : "String", + "default" : "\"jt808/${clientid}/${phone}/up\"" + }, + { + "doc" : "The topic of the JT/T 808 protocol downstream message.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-dn_topic", + "text" : "dn_topic", + "type" : "String", + "default" : "\"jt808/${clientid}/${phone}/dn\"" + } + ], + "text" : "jt808_proto" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto", + "text" : "proto", + "type" : "Struct(jt808_proto)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. 
Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"jt808/${clientid}/\"" + }, + { + "doc" : "Re-send time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-retry_interval", + "text" : "retry_interval", + "type" : "Duration", + "default" : "\"8s\"" + }, + { + "doc" : "Re-send max times", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-max_retry_times", + "text" : "max_retry_times", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "Max message queue length", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-message_queue_len", + "text" : "message_queue_len", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle 
time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "jt808" + } + ], + "hash" : "V-gateway-S-gateway-jt808", + "text" : "jt808", + "type" : "Struct(jt808)" + }, + { + "refs" : [ + { + "doc" : "The LwM2M protocol gateway.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m", + "fields" : [ + { + "doc" : "The Directory for LwM2M Resource definition.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir", + "text" : "xml_dir", + "type" : "String" + }, 
+ { + "doc" : "Minimum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min", + "text" : "lifetime_min", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Maximum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max", + "text" : "lifetime_max", + "type" : "Duration", + "default" : "\"86400s\"" + }, + { + "doc" : "The value of the time window during which the network link is considered valid by the LwM2M Gateway in QMode mode.\nFor example, after receiving an update message from a client, any messages within this time window are sent directly to the LwM2M client, and all messages beyond this time window are temporarily stored in memory.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window", + "text" : "qmode_time_window", + "type" : "Duration(s)", + "default" : "\"22s\"" + }, + { + "doc" : "Automatically observe the object list of REGISTER packet.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe", + "text" : "auto_observe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Policy for publishing UPDATE event message.
\n - always: send update events as long as the UPDATE request is received.
\n - contains_object_list: send update events only if the UPDATE request carries any Object List", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition", + "text" : "update_msg_publish_condition", + "type" : "Enum(always,contains_object_list)", + "default" : "contains_object_list" + }, + { + "doc" : "Topic configuration for LwM2M's gateway publishing and subscription.", + "refs" : [ + { + "doc" : "MQTT topics that correspond to LwM2M events.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators", + "fields" : [ + { + "doc" : "The topic for receiving downstream commands.\nFor each new LwM2M client that succeeds in going online, the gateway creates a subscription relationship to receive downstream commands and send it to the LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command", + "text" : "command", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the acknowledge events from LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic", 
+ "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response", + "text" : "response", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the notify events from LwM2M client.\nAfter succeed observe a resource of LwM2M client, Gateway will send the notify events via this topic, if the client reports any resource changes", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify", + "text" : "notify", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the register events from LwM2M client.", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : 
"V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register", + "text" : "register", + "type" : "Struct(translator)" + }, + { + "doc" : "The topic for gateway to publish the update events from LwM2M client", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator", + "fields" : [ + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS Level", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update", + "text" : "update", + "type" : "Struct(translator)" + } + ], + "text" : "lwm2m_translators" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators", + "text" : "translators", + "type" : "Struct(lwm2m_translators)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all 
the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"lwm2m/${endpoint_name}/\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + 
"text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint 
string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : 
"T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a 
mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of the client 
connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "lwm2m" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m", + "text" : "lwm2m", + "type" : "Struct(lwm2m)" + }, + { + "refs" : [ + { + "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn", + "fields" : [ + { + "doc" : "MQTT-SN Gateway ID.\nWhen the broadcast option is enabled, the gateway will broadcast ADVERTISE message with this 
value", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id", + "text" : "gateway_id", + "type" : "Integer", + "default" : "1" + }, + { + "doc" : "Whether to periodically broadcast ADVERTISE messages", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast", + "text" : "broadcast", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Allows connectionless clients to publish messages with a Qos of -1.\nThis feature is defined for very simple client implementations which do not support any other features except this one. There is no connection setup nor tear down, no registration nor subscription. The client just sends its 'PUBLISH' messages to a GW", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3", + "text" : "enable_qos3", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Whether to initiate all subscribed topic name registration messages to the client after the Session has been taken over by a new channel", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume", + "text" : "subs_resume", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The pre-defined topic IDs and topic names.\nA 'pre-defined' topic ID is a topic ID whose mapping to a topic name is known in advance by both the client's application and the gateway", + "refs" : [ + { + "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined", + "fields" : [ + { + "doc" : "Topic ID. 
Range: 1-65535", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id", + "text" : "id", + "type" : "Integer(1..1024)" + }, + { + "doc" : "Topic Name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic", + "text" : "topic", + "type" : "String" + } + ], + "text" : "mqttsn_predefined" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined", + "text" : "predefined", + "type" : "Array(Struct(mqttsn_predefined))", + "default" : "[]" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" 
: "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a 
mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "The content of the request.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "The content to reply.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP 
sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "Allow local reuse of port numbers.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all 
topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS socket options", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of 
the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "mqttsn" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn", + "text" : "mqttsn", + "type" : "Struct(mqttsn)" + }, + { + "refs" : [ + { + "doc" : "The OCPP gateway", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp", + "fields" : [ + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the 
message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"ocpp/\"" + }, + { + "doc" : "The default Heartbeat time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-default_heartbeat_interval", + "text" : "default_heartbeat_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "The backoff for heartbeat checking times", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-heartbeat_checking_times_backoff", + "text" : "heartbeat_checking_times_backoff", + "type" : "Integer", + "default" : "1" + }, + { + "refs" : [ + { + "doc" : "Upload stream topic to notify third-party system what's messages/events reported by Charge Point. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream", + "fields" : [ + { + "doc" : "The topic for Upload stream Call Request messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic", + "text" : "topic", + "type" : "String", + "default" : "\"cp/${cid}\"" + }, + { + "doc" : "Upload stream topic override mapping by Message Name.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic_override_mapping", + "text" : "topic_override_mapping", + "type" : "Map($name->String)", + "default" : "{}" + }, + { + "doc" : "The topic for Upload stream Reply messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-reply_topic", + "text" : "reply_topic", + "type" : "String", + "default" : "\"cp/${cid}/Reply\"" + }, + { + "doc" : "The topic for Upload stream error topic.", + "hash" : 
"V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-error_topic", + "text" : "error_topic", + "type" : "String", + "default" : "\"cp/${cid}/Reply\"" + } + ], + "text" : "upstream" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream", + "text" : "upstream", + "type" : "Struct(upstream)" + }, + { + "refs" : [ + { + "doc" : "Download stream topic to forward the system message to device. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream", + "fields" : [ + { + "doc" : "Download stream topic to receive request/control messages from third-party system.\nThis value is a wildcard topic name that subscribed by every connected Charge Point.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-topic", + "text" : "topic", + "type" : "String", + "default" : "\"cs/${cid}\"" + }, + { + "doc" : "The maximum message queue length for download stream message delivery.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "Integer", + "default" : "100" + } + ], + "text" : "dnstream" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream", + "text" : "dnstream", + "type" : "Struct(dnstream)" + }, + { + "doc" : "Whether to enable message format legality checking.\nEMQX checks the message format of the upload stream and download stream against the\nformat defined in json-schema.\nWhen the check fails, emqx will reply with a corresponding answer message.\n\nThe checking strategy can be one of the following values:\n- all: check all messages\n- upstream_only: check upload stream messages only\n- dnstream_only: check download stream messages only\n- disable: don't check any messages", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-message_format_checking", + "text" : "message_format_checking", + "type" : 
"OneOf(String(\"all\"),String(\"upstream_only\"),String(\"dnstream_only\"),String(\"disable\"))", + "default" : "disable" + }, + { + "doc" : "JSON Schema directory for OCPP message definitions.\nDefault: ${application}/priv/schemas", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_dir", + "text" : "json_schema_dir", + "type" : "String", + "default" : "\"${application_priv}/schemas\"" + }, + { + "doc" : "The ID prefix for the OCPP message schemas.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_id_prefix", + "text" : "json_schema_id_prefix", + "type" : "String", + "default" : "\"urn:OCPP:1.6:2019:12:\"" + }, + { + "refs" : [ + { + "doc" : "Websocket listeners", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners", + "fields" : [ + { + "doc" : "Websocket listener.", + "refs" : [ + { + "doc" : "Websocket listener", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + 
"hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement 
isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "refs" : [ + { + "doc" : "Websocket options", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-path", + "text" : "path", + "type" : "String", + "default" : "\"/ocpp\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback", + "text" : "piggyback", + "type" : "Enum(single,multiple)", + "default" : "single" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer)", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"ocpp1.6, ocpp2.0\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + 
} + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + } + ], + "text" : "websocket" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(websocket)" + } + ], + "text" : "ws_listener" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws", + "text" : "ws", + "type" : "Map($name->Struct(ws_listener))" + }, + { + "doc" : "Websocket over TLS listener.", + "refs" : [ + { + "doc" : "Websocket over TLS listener", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], 
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to 
implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "Websocket options", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket", + "fields" : [ + { + "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-path", + "text" : "path", + "type" : "String", + "default" : "\"/ocpp\"" + }, + { + "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback", + "text" : "piggyback", + "type" : "Enum(single,multiple)", + "default" : "single" + }, + { + "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "The maximum length of a single MQTT packet.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer)", + "default" : "infinity" + }, + { + "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Comma-separated list of supported subprotocols.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"ocpp1.6, ocpp2.0\"" + }, + { + "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "List of allowed origins.
See check_origin_enable.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "Compression level.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "Specifies the compression strategy.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "Takeover means the compression state is retained between server messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Takeover means the compression state is retained between client messages.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "Specifies the size of the compression context for the server.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "Specifies the size of the compression context for the client.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : 
"deflate_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + } + ], + "text" : "websocket" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(websocket)" + } + ], + "text" : "wss_listener" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss", + "text" : "wss", + "type" : "Map($name->Struct(wss_listener))" + } + ], + "text" : "ws_listeners" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners", + "text" : "listeners", + "type" : "Struct(ws_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "ocpp" + } + ], + "hash" : "V-gateway-S-gateway-ocpp", + "text" : "ocpp", + "type" : "Struct(ocpp)" + }, + { + "refs" : [ + { + "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp", + "fields" : [ + { + "refs" : [ + { + "doc" : "Size limits for the STOMP 
frames.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame", + "fields" : [ + { + "doc" : "The maximum number of Header", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers", + "text" : "max_headers", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "The maximum string length of the Header Value", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length", + "text" : "max_headers_length", + "type" : "Integer(0..+inf)", + "default" : "1024" + }, + { + "doc" : "Maximum number of bytes of Body allowed per Stomp packet", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length", + "text" : "max_body_length", + "type" : "Integer", + "default" : "65536" + } + ], + "text" : "stomp_frame" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame", + "text" : "frame", + "type" : "Struct(stomp_frame)" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "A map from listener names to listener settings.", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Size of the acceptor pool.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "Setting the TCP socket options.", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Close the connection if send timeout.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "The TCP_NODELAY flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The SO_REUSEADDR flag for the connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : 
"tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "The IP address and port that the listener will bind.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "The maximum number of concurrent connections allowed by the listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "Maximum connections per second.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users 
can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny
| | all`.\n\nFor example:\n\n`[\\\"deny 192.168.1.1\\\", \\\"allow 192.168.1.0/24\\\", \\\"deny, all\\\"]`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket options.", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. 
If set to true, requires defining the OCSP responder URL and issuer PEM path.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL for the OCSP responder to check the server certificate against.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "Whether to enable CRL verification for this listener.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "Whether to enable client process statistic", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The idle 
time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo override.", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "Template for overriding username.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Template for overriding password.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "Template for overriding clientid.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "stomp" + } + ], + "hash" : "V-gateway-S-gateway-stomp", + "text" : "stomp", + "type" : "Struct(stomp)" + } + ], + "text" : "gateway" + } + ], + "hash" : "V-gateway", + "text" : "gateway", + "type" : "Struct(gateway)" + }, + { + "refs" : [ + { + "doc" : "Recommended setting", + "hash" : "T-prometheus-S-recommend_setting", + "fields" : [ + { + "doc" : "Enable or disable basic authentication for 
prometheus scrape api, not for Push Gateway", + "hash" : "V-prometheus-S-recommend_setting-enable_basic_auth", + "text" : "enable_basic_auth", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX.", + "refs" : [ + { + "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX.", + "hash" : "T-prometheus-S-recommend_setting-push_gateway-S-push_gateway", + "fields" : [ + { + "doc" : "Enable or disable Pushgateway", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "URL of Pushgateway server. Pushgateway is optional, should not be configured if prometheus is to scrape EMQX.", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "Data reporting interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "An HTTP Headers when pushing to Push Gateway.
\nFor example, { Authorization = \"some-authz-tokens\"}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Job Name that is pushed to the Push Gateway. Available variables:
\n- ${name}: Name of EMQX node.
\n- ${host}: Host name of EMQX node.
\nFor example, when the EMQX node name is emqx@127.0.0.1 then the name\nvariable takes value emqx and the host variable takes value 127.0.0.1.\nDefault value is: ${name}/instance/${name}~${host}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + } + ], + "text" : "push_gateway" + } + ], + "hash" : "V-prometheus-S-recommend_setting-push_gateway", + "text" : "push_gateway", + "type" : "Struct(push_gateway)" + }, + { + "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load.", + "refs" : [ + { + "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load.", + "hash" : "T-prometheus-S-recommend_setting-collectors-S-collectors", + "fields" : [ + { + "doc" : "Enable or disable VM distribution collector,\ncollects information about the sockets and processes involved in the Erlang distribution mechanism.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_dist", + "text" : "vm_dist", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "Collects Mnesia metrics mainly using mnesia:system_info/1 ", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-mnesia", + "text" : "mnesia", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM statistics collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_statistics", + "text" : "vm_statistics", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM system info collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_system_info", + 
"text" : "vm_system_info", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Collects information about memory dynamically allocated by the Erlang emulator using\n erlang:memory/0 .", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_memory", + "text" : "vm_memory", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Enable or disable VM microstate accounting metrics collector.", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_msacc", + "text" : "vm_msacc", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "collectors" + } + ], + "hash" : "V-prometheus-S-recommend_setting-collectors", + "text" : "collectors", + "type" : "Struct(collectors)" + } + ], + "text" : "recommend_setting" + }, + { + "doc" : "Deprecated since 5.4.0", + "hash" : "T-prometheus-S-legacy_deprecated_setting", + "fields" : [ + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-push_gateway_server", + "text" : "push_gateway_server", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.interval` instead
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-prometheus-S-legacy_deprecated_setting-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.headers` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.job_name` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_dist` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_dist_collector", + "text" : "vm_dist_collector", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.mnesia` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-mnesia_collector", + "text" : "mnesia_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_statistics` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_statistics_collector", + "text" : 
"vm_statistics_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated, use `prometheus.collectors.vm_system_info` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_system_info_collector", + "text" : "vm_system_info_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_memory` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_memory_collector", + "text" : "vm_memory_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_msacc` instead", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_msacc_collector", + "text" : "vm_msacc_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "legacy_deprecated_setting" + } + ], + "hash" : "V-prometheus", + "text" : "prometheus", + "type" : "OneOf(Struct(recommend_setting),Struct(legacy_deprecated_setting))", + "default" : "{}" + }, + { + "refs" : [ + { + "doc" : "External hook (exhook) configuration.", + "hash" : "T-exhook-S-exhook", + "fields" : [ + { + "doc" : "List of exhook servers", + "refs" : [ + { + "doc" : "gRPC server configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server", + "fields" : [ + { + "doc" : "Name of the exhook server", + "hash" : "V-exhook-S-exhook-servers-S-server-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "URL of the gRPC server", + "hash" : "V-exhook-S-exhook-servers-S-server-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "The timeout of request gRPC server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-exhook-S-exhook-servers-S-server-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "The value that is returned when the request to the gRPC server fails for any reason", + "hash" : "V-exhook-S-exhook-servers-S-server-failed_action", + "text" : "failed_action", + "type" : "Enum(deny,ignore)", + "default" : "deny" + }, + { + "refs" : [ + { + "doc" : "SSL client configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_conf" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-ssl", + "text" : "ssl", + "type" : "Struct(ssl_conf)" + }, + { + "refs" : [ + { + "doc" : "Connection socket options", + "hash" : "T-exhook-S-exhook-servers-S-server-socket_options-S-socket_options", + "fields" : [ + { + "doc" : "Enables/disables periodic transmission on a connected socket when no other data is exchanged.\nIf the other end does not respond, the connection is considered broken and an error message is sent to the controlling process.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-keepalive", + "text" : "keepalive", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "If true, option TCP_NODELAY is turned on for the socket,\nwhich means that also small amounts of data are sent immediately", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum size of receive buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "The minimum size of send buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + } + ], + "text" : "socket_options" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options", + "text" : "socket_options", + "type" : "Struct(socket_options)", + "default" : "{keepalive = true, nodelay = true}" + }, + { + "doc" : "Whether to automatically reconnect (initialize) the gRPC server.\nWhen gRPC is not available, Exhook tries to request the gRPC service at that interval and reinitialize the list of mounted hooks.", + "hash" : "V-exhook-S-exhook-servers-S-server-auto_reconnect", + "text" : "auto_reconnect", + "type" : "OneOf(String(\"false\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "The process pool size for gRPC client", + "hash" : "V-exhook-S-exhook-servers-S-server-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + } + ], + "text" : "server" + } + ], + "hash" : "V-exhook-S-exhook-servers", + "text" : "servers", + "type" : "Array(Struct(server))", + "default" : "[]" + } + ], + "text" : "exhook" + } + ], + "hash" : "V-exhook", + "text" : "exhook", + "type" : "Struct(exhook)" + }, + { + "refs" : [ + { + "doc" : "PSK stands for 'Pre-Shared Keys'.\nThis config to enable TLS-PSK authentication.\n\nImportant! 
Make sure the SSL listener with only tlsv1.2 enabled, and also PSK cipher suites\nconfigured, such as RSA-PSK-AES256-GCM-SHA384.\n\nSee listener SSL options config for more details.\n\nThe IDs and secrets can be provided from a file which is configurable by the init_file field.", + "hash" : "T-psk_authentication-S-psk_authentication", + "fields" : [ + { + "doc" : "Whether to enable TLS PSK support", + "hash" : "V-psk_authentication-S-psk_authentication-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime.\nThe file has to be structured line-by-line, each line must be in the format of PSKIdentity:SharedSecret.\nFor example: mydevice1:c2VjcmV0", + "hash" : "V-psk_authentication-S-psk_authentication-init_file", + "text" : "init_file", + "type" : "String" + }, + { + "doc" : "The separator between PSKIdentity and SharedSecret in the PSK file", + "hash" : "V-psk_authentication-S-psk_authentication-separator", + "text" : "separator", + "type" : "String", + "default" : "\":\"" + }, + { + "doc" : "The size of each chunk used to import to the built-in database from PSK file", + "hash" : "V-psk_authentication-S-psk_authentication-chunk_size", + "text" : "chunk_size", + "type" : "Integer", + "default" : "50" + } + ], + "text" : "psk_authentication" + } + ], + "hash" : "V-psk_authentication", + "text" : "psk_authentication", + "type" : "Struct(psk_authentication)" + }, + { + "refs" : [ + { + "doc" : "Configuration for `slow_subs` feature.", + "hash" : "T-slow_subs-S-slow_subs", + "fields" : [ + { + "doc" : "Enable Slow Subscriptions", + "hash" : "V-slow_subs-S-slow_subs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The Client ID and topic of the consumer whose message latency is greater than this threshold will be recorded in the slow subscription list.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-slow_subs-S-slow_subs-threshold", + "text" : "threshold", + "type" : "Duration", + "default" : "\"500ms\"" + }, + { + "doc" : "The expiration time of the slow subscription record, if the record is not updated within the expiration time, then the record will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-slow_subs-S-slow_subs-expire_interval", + "text" : "expire_interval", + "type" : "Duration", + "default" : "\"300s\"" + }, + { + "doc" : "The maximum number of slow-subscription records, up to a maximum of 1000.", + "hash" : "V-slow_subs-S-slow_subs-top_k_num", + "text" : "top_k_num", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "Message latency calculation method:\n\n- `whole`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) until the message completes delivery.\n- `internal`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) to when the message begins to be delivered (the EMQX attempts to write the message to the send-buffer).\n- `response`: The time from the start of message delivery to the completion.\n\nNote: The completion delivery time refers to the time when QoS 1 and 2 messages complete the MQTT message response process, i.e., the time when QoS 1 message receives the PUBACK packet and QoS 2 message receives the PUBCOMP packet.\nSince there is no response packet for QoS 0 message, the completion delivery time of the QoS 0 message will be replaced by the time when the message starts to be delivered. 
Therefore, when using the `response` method to calculate the latency, the latency of a QoS 0 message will always be equal to 0.", + "hash" : "V-slow_subs-S-slow_subs-stats_type", + "text" : "stats_type", + "type" : "Enum(whole,internal,response)", + "default" : "whole" + } + ], + "text" : "slow_subs" + } + ], + "hash" : "V-slow_subs", + "text" : "slow_subs", + "type" : "Struct(slow_subs)" + }, + { + "refs" : [ + { + "doc" : "Open Telemetry Toolkit configuration", + "hash" : "T-opentelemetry-S-opentelemetry", + "fields" : [ + { + "doc" : "Open Telemetry Metrics configuration.", + "refs" : [ + { + "doc" : "Open Telemetry Metrics configuration.", + "hash" : "T-opentelemetry-S-opentelemetry-metrics-S-otel_metrics", + "fields" : [ + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-interval", + "aliases" : [ + "scheduled_delay" + ], + "text" : "interval", + "type" : "Duration", + "default" : "\"10s\"" + } + ], + "text" : "otel_metrics" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-metrics", + "text" : "metrics", + "type" : "Struct(otel_metrics)" + }, + { + "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend.", + "refs" : [ + { + "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend.", + "hash" : "T-opentelemetry-S-opentelemetry-logs-S-otel_logs", + "fields" : [ + { + "doc" : "The log level of the Open Telemetry log handler.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"1s\"" + } + ], + "text" : "otel_logs" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-logs", + "text" : "logs", + "type" : "Struct(otel_logs)" + }, + { + "doc" : "Open Telemetry Traces configuration.", + "refs" : [ + { + "doc" : "Open Telemetry Traces configuration.", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces", + "fields" : [ + { + "doc" : "Enable or disable Open Telemetry signal.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Open Telemetry Trace Filter configuration", + "refs" : [ + { + "doc" : "Open Telemetry Trace Filter configuration", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter", + "fields" : [ + { + "doc" : "If enabled, all published messages are traced, a new trace ID is generated if it can't be extracted from the message.\nOtherwise, only messages published with trace context are traced. 
Disabled by default.", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_all", + "text" : "trace_all", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "trace_filter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter", + "text" : "filter", + "type" : "Struct(trace_filter)" + } + ], + "text" : "otel_traces" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces", + "text" : "traces", + "type" : "Struct(otel_traces)" + }, + { + "doc" : "Open Telemetry Exporter", + "refs" : [ + { + "doc" : "Open Telemetry Exporter", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter", + "fields" : [ + { + "doc" : "The target URL to which the exporter is going to send Open Telemetry signal data.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-endpoint", + "text" : "endpoint", + "type" : "String", + "default" : "\"http://localhost:4317\"" + }, + { + "doc" : "SSL configuration for the Open Telemetry exporter", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "otel_exporter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter", + "text" : "exporter", + "type" : "Struct(otel_exporter)" + } + ], + "text" : "opentelemetry" + } + ], + "hash" : "V-opentelemetry", + "text" : "opentelemetry", + "type" : "Struct(opentelemetry)" + }, + { + "refs" : [ + { + "doc" : "API Key, can be used to request API other than the management API key and the Dashboard user management API", + "hash" : "T-api_key-S-api_key", + "fields" : [ + { + "doc" : "The bootstrap file provides API keys for EMQX.\nEMQX will load these keys on startup to authorize API requests.\nIt contains colon-separated values in the format: `api_key:api_secret:role`.\nEach line specifies an API key and its associated secret, and the role of this key.\nThe 'role' part should be the pre-defined access scope group name,\nfor example, `administrator` or `viewer`.\nThe 'role' is introduced in 5.4, to be backward compatible, if it is missing, the key is implicitly granted `administrator` role.", + "hash" : "V-api_key-S-api_key-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "api_key" + } + ], + "hash" : "V-api_key", + "text" : "api_key", + "type" : "Struct(api_key)" + }, + { + "doc" : "Defines the EMQX Enterprise license.\n\nEMQX Enterprise is initially provided with a default trial license.\nThis license, issued in April 2024, 
is valid for a period of 5 years.\nIt supports up to 25 concurrent connections, catering to early-stage development and testing needs.\n\nFor deploying EMQX Enterprise in a production environment, a different license is required. You can apply for a production license by visiting https://www.emqx.com/apply-licenses/emqx?version=5", + "refs" : [ + { + "doc" : "License provisioned as a string.", + "hash" : "T-license-S-key_license", + "fields" : [ + { + "doc" : "This configuration parameter is designated for the license key and supports below input formats:\n\n- Direct Key: Enter the secret key directly as a string value.\n- File Path: Specify the path to a file that contains the secret key. Ensure the path starts with file://.\n- \"default\": Use string value \"default\" to apply the default trial license.\n\nNote: An invalid license key or an incorrect file path may prevent EMQX from starting successfully.\nIf a file path is used, EMQX attempts to reload the license key from the file every 2 minutes.\nAny failure in reloading the license file will be recorded as an error level log message,\nand EMQX continues to apply the license loaded previously.", + "hash" : "V-license-S-key_license-key", + "text" : "key", + "type" : "OneOf(String(\"default\"),String)", + "default" : "default" + }, + { + "doc" : "Low watermark limit below which license connection quota usage alarms are deactivated", + "hash" : "V-license-S-key_license-connection_low_watermark", + "text" : "connection_low_watermark", + "type" : "String", + "default" : "\"75%\"" + }, + { + "doc" : "High watermark limit above which license connection quota usage alarms are activated", + "hash" : "V-license-S-key_license-connection_high_watermark", + "text" : "connection_high_watermark", + "type" : "String", + "default" : "\"80%\"" + } + ], + "text" : "key_license" + } + ], + "hash" : "V-license", + "text" : "license", + "type" : "Struct(key_license)" + }, + { + "refs" : [ + { + "doc" : "Schema registry 
configurations.", + "hash" : "T-schema_registry-S-schema_registry", + "fields" : [ + { + "doc" : "Confluent External Schema Registry configuration.", + "refs" : [ + { + "doc" : "Confluent External Schema Registry configuration.", + "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry", + "fields" : [ + { + "doc" : "External Schema Registry Type", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-type", + "text" : "type", + "type" : "String(\"confluent\")", + "default" : "confluent" + }, + { + "doc" : "URL endpoint for external registry.", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "Authentication options for accessing external registry.", + "refs" : [ + { + "doc" : "Authentication options for accessing external registry.", + "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic", + "fields" : [ + { + "doc" : "Username for basic authentication method.", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Password for basic authentication method.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "confluent_schema_registry_auth_basic" + } + ], + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth", + "text" : "auth", + "type" : "OneOf(String(\"none\"),Struct(confluent_schema_registry_auth_basic))", + "default" : "none" + } + ], + "text" : "confluent_schema_registry" + } + ], + "hash" : "V-schema_registry-S-schema_registry-external", + "text" : "external", + "type" : "Map($name->OneOf(Struct(confluent_schema_registry)))", + "default" : "{}" + }, + { + "doc" : "Registered schemas.", + "refs" : [ + { + "doc" : "[Apache Avro](https://avro.apache.org/) serialization format.", + "hash" : "T-schema_registry-S-schema_registry-schemas-S-avro", + "fields" : [ + { + "doc" : "Must be `avro` for Avro schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-type", + "text" : "type", + "type" : "String(\"avro\")" + }, + { + "doc" : "Source text for the schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-source", + "text" : "source", + "type" : "String" + }, + { + "doc" : "A description for this schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "avro" + }, + { + "doc" : "[Protocol Buffers](https://protobuf.dev/) serialization format.", + "hash" : 
"T-schema_registry-S-schema_registry-schemas-S-protobuf", + "fields" : [ + { + "doc" : "Must be `protobuf` for protobuf schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-type", + "text" : "type", + "type" : "String(\"protobuf\")" + }, + { + "doc" : "Source text for the schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-source", + "text" : "source", + "type" : "String" + }, + { + "doc" : "A description for this schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "protobuf" + }, + { + "doc" : "Supports JSON Schema\n[Draft 03](http://tools.ietf.org/html/draft-zyp-json-schema-03)\n[Draft 04](http://tools.ietf.org/html/draft-zyp-json-schema-04) and\n[Draft 06](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00).", + "hash" : "T-schema_registry-S-schema_registry-schemas-S-json", + "fields" : [ + { + "doc" : "Must be `json` for JSON schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-type", + "text" : "type", + "type" : "String(\"json\")" + }, + { + "doc" : "Source text for the schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-source", + "text" : "source", + "type" : "String" + }, + { + "doc" : "A description for this schema.", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "json" + } + ], + "hash" : "V-schema_registry-S-schema_registry-schemas", + "text" : "schemas", + "type" : "Map($name->OneOf(Struct(avro),Struct(protobuf),Struct(json)))", + "default" : "{}" + } + ], + "text" : "schema_registry" + } + ], + "hash" : "V-schema_registry", + "text" : "schema_registry", + "type" : "Struct(schema_registry)" + }, + { + "refs" : [ + { + "doc" : "File transfer settings", + "hash" : "T-file_transfer-S-file_transfer", + "fields" 
: [ + { + "doc" : "Enable the File Transfer feature.
\nEnabling File Transfer implies reserving special MQTT topics in order to serve the protocol.
\nThis toggle also affects the availability of the File Transfer REST API and\nstorage-dependent background activities (e.g. garbage collection).", + "hash" : "V-file_transfer-S-file_transfer-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Timeout for EMQX to initialize the file transfer.
\nAfter reaching the timeout (e.g. due to system is overloaded), the PUBACK message for `init` will contain error code (0x80).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-init_timeout", + "text" : "init_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Timeout for storing a file segment.
\nAfter reaching the timeout (e.g. due to system overloaded), the PUBACK message will contain error code (0x80).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-store_segment_timeout", + "text" : "store_segment_timeout", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "Timeout for assembling and exporting file segments into a final file.
\nAfter reaching the timeout (e.g. due to system is overloaded), the PUBACK message for `fin` will contain error code (0x80)
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-assemble_timeout", + "text" : "assemble_timeout", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "Storage settings for file transfer.", + "refs" : [ + { + "doc" : "Storage backend settings for file transfer", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend", + "fields" : [ + { + "doc" : "Local file system backend to store uploaded fragments and temporary data.", + "refs" : [ + { + "doc" : "File transfer local storage settings", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage", + "fields" : [ + { + "doc" : "Settings for local segments storage, which include uploaded transfer fragments and temporary data.", + "refs" : [ + { + "doc" : "File transfer local segments storage settings", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments", + "fields" : [ + { + "doc" : "File system path to keep uploaded fragments and temporary data.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-root", + "text" : "root", + "type" : "String" + }, + { + "doc" : "Garbage collection settings for the intermediate and temporary files in the local file system.", + "refs" : [ + { + "doc" : "Garbage collection settings for the File transfer local segments storage", + "hash" : 
"T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc", + "fields" : [ + { + "doc" : "Interval of periodic garbage collection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"1h\"" + }, + { + "doc" : "Maximum TTL of a segment kept in the local file system.
\nThis is a hard limit: no segment will outlive this TTL, even if some file transfer specifies a\nTTL more than that.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-maximum_segments_ttl", + "text" : "maximum_segments_ttl", + "type" : "Duration(s)", + "default" : "\"24h\"" + }, + { + "doc" : "Minimum TTL of a segment kept in the local file system.
\nThis is a hard limit: no segment will be garbage collected before reaching this TTL,\neven if some file transfer specifies a TTL less than that.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-minimum_segments_ttl", + "text" : "minimum_segments_ttl", + "type" : "Duration(s)", + "default" : "\"5m\"" + } + ], + "text" : "local_storage_segments_gc" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc", + "text" : "gc", + "type" : "Struct(local_storage_segments_gc)" + } + ], + "text" : "local_storage_segments" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments", + "text" : "segments", + "type" : "Struct(local_storage_segments)", + "default" : "{gc {}}" + }, + { + "doc" : "Exporter for the local file system storage backend.
\nExporter defines where and how fully transferred and assembled files are stored.", + "refs" : [ + { + "doc" : "Exporter for the local file system storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend", + "fields" : [ + { + "doc" : "Exporter to the local file system.", + "refs" : [ + { + "doc" : "Local Exporter settings for the File transfer local storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter", + "fields" : [ + { + "doc" : "Directory where the uploaded files are kept.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter-root", + "text" : "root", + "type" : "String" + } + ], + "text" : "local_storage_exporter" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local", + "text" : "local", + "type" : "Struct(local_storage_exporter)" + }, + { + "doc" : "Exporter to the S3 API compatible object storage.", + "refs" : [ + { + "doc" : "S3 Exporter settings for the File transfer local storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter", + "fields" : [ + { + "doc" : "The access key ID of the S3 bucket.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-access_key_id", + "text" : "access_key_id", + "type" : "String" + }, + { + "doc" : "The secret access key of the S3 bucket.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-secret_access_key", + "text" : "secret_access_key", + "type" : "Secret" + }, + { + "doc" : "The host of the S3 endpoint.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "The port of the S3 endpoint.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-port", + "text" : "port", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Options for the HTTP transport layer used by the S3 client.", + "refs" : [ + { + "doc" : "Options for the HTTP transport layer used by the S3 client", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options", + "fields" : [ + { + "doc" : "Whether to probe for IPv6 support.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ipv6_probe", + "text" : "ipv6_probe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "The type of the pool. Can be one of `random`, `hash`.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "The pool size.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + 
"doc" : "SSL connection settings.", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM format private key file.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "Enable or disable peer verification.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "Specifies the amount of time that an SSL process will 
hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. 
This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "Enable TLS.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "List of HTTP headers.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "Max retry times if error on sending request.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "transport_options" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options", + "text" : "transport_options", + "type" : "Struct(transport_options)" + }, + { + "doc" : "The minimum part size for multipart uploads.
\nUploaded data will be accumulated in memory until this size is reached.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-min_part_size", + "text" : "min_part_size", + "type" : "Bytesize", + "default" : "\"5mb\"" + }, + { + "doc" : "The maximum part size for multipart uploads.
\nS3 uploader won't try to upload parts larger than this size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-max_part_size", + "text" : "max_part_size", + "type" : "Bytesize", + "default" : "\"5gb\"" + }, + { + "doc" : "The time in seconds for which the signed URLs to the S3 objects are valid.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-url_expire_time", + "text" : "url_expire_time", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "The ACL to use for the uploaded objects.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + } + ], + "text" : "s3_exporter" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3", + "text" : "s3", + "type" : "Struct(s3_exporter)" + } + ], + "text" : "local_storage_exporter_backend" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter", + "text" : "exporter", + "type" : "Struct(local_storage_exporter_backend)", + "default" : "{local {}}" + } + ], + "text" : "local_storage" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local", + "text" : "local", + "type" : "Struct(local_storage)" + } + ], + "text" : "storage_backend" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage", + "text" : "storage", + "type" : "Struct(storage_backend)", + "default" : "{local {}}" + } + ], + "text" : "file_transfer" + } + ], + "hash" : "V-file_transfer", + "text" : "file_transfer", + "type" : "Struct(file_transfer)" + }, + { + "refs" : [ + { + "doc" : "Settings for durable queues", + "hash" : "T-durable_queues-S-durable_queues", + "fields" : [ + { + "doc" : "Enable the shared subscription feature.", + "hash" : "V-durable_queues-S-durable_queues-enable", + "text" : "enable", + "type" : "Boolean", + 
"default" : "false" + } + ], + "text" : "durable_queues" + } + ], + "hash" : "V-durable_queues", + "text" : "durable_queues", + "type" : "Struct(durable_queues)" + } + ], + "text" : "root" +} \ No newline at end of file diff --git a/hocon/hocon-ee-v5.8.2-zh.json b/hocon/hocon-ee-v5.8.2-zh.json new file mode 100644 index 000000000..9931cd5cf --- /dev/null +++ b/hocon/hocon-ee-v5.8.2-zh.json @@ -0,0 +1,34589 @@ +{ + "doc" : "", + "hash" : "T-root", + "fields" : [ + { + "refs" : [ + { + "doc" : "MQTT listeners identified by their protocol type and assigned names", + "hash" : "T-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over TCP listener.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "1883" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + } + ], + "text" : "mqtt_tcp_listener" + } + ], + "hash" : "V-listeners-S-listeners-tcp", + "text" : "tcp", + "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "SSL 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over SSL listener.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8883" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors", 
+ "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "mqtt_ssl_listener" + } + ], + "hash" : "V-listeners-S-listeners-ssl", + "text" : "ssl", + "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTP websocket 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket listener.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8083" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 
字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : 
"[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" 
+ }, + { + "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的 subprotocols 支持列表。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "如果trueoriginHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为 false 并且 check_origin_enabletrue,服务器将拒绝没有 origin HTTP 头的请求。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许的 origins 列表", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。", + "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } + ], + "hash" : 
"V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_ws_listener" + } + ], + "hash" : "V-listeners-S-listeners-ws", + "text" : "ws", + "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "HTTPS websocket 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over WebSocket/SSL listener.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener", + "fields" : [ + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "8084" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + }, + { + "doc" : "此监听器的访问控制规则。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + 
"default" : "[\"allow all\"]" + }, + { + "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "WebSocket listener options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts", + "fields" : [ + { + "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path", + "text" : "mqtt_path", + "type" : "String", + "default" : "\"/mqtt\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback", + "text" : "mqtt_piggyback", + "type" : "Enum(single,multiple)", + "default" : "multiple" + }, + { + "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的 subprotocols 支持列表。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"" + }, + { + "doc" : "如果trueoriginHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为 false 并且 check_origin_enabletrue,服务器将拒绝没有 origin HTTP 头的请求。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许的 origins 列表", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : 
"V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + }, + { + "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。", + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8", + "text" : "validate_utf8", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "ws_opts" + } 
+ ], + "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(ws_opts)" + } + ], + "text" : "mqtt_wss_listener" + } + ], + "hash" : "V-listeners-S-listeners-wss", + "text" : "wss", + "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))" + }, + { + "doc" : "QUIC 监听器。", + "refs" : [ + { + "doc" : "Settings for the MQTT over QUIC listener.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener", + "fields" : [ + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式。
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3。
\n如果打算使用 PSK 密码套件,tlsv1.3 应在 ssl.versions 中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\n注:QUIC 监听器只支持 tlsv1.3 的 ciphers。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]" + }, + { + "doc" : "QUIC 传输层的 TLS 选项", + "refs" : [ + { + "doc" : "TLS options for QUIC transport.", + "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "listener_quic_ssl_opts" + } + ], + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_quic_ssl_opts)" + }, + { + "doc" : "监听套接字的 IP 地址和端口。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind", + "text" : "bind", + "type" : "String", + "default" : "14567" + }, + { + "doc" : "监听器接收池的大小。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors", + "text" : "acceptors", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "监听器允许的最大并发连接数。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))", + "default" : "infinity" + }, + { + "doc" : "发布或订阅时,请在所有主题前面加上 mountpoint 字符串。\n\n将消息传递给订阅者时,将从主题名称中删除带前缀的字符串。挂载点是一种用户可以用来实现不同侦听器之间消息路由隔离的方法。\n\n例如,如果客户机 A 使用 listeners.tcp.\\.mountpoint 设置为'some_tenant',那么客户端实际上订阅了主题'some_tenant/t'。
\n类似地,如果另一个客户端 B(与客户端 A 连接到同一个侦听器)向主题 't' 发送消息,该消息将路由到所有订阅了'some_租户/t'的客户端,因此客户端 A 将接收主题名为't'的消息
\n\n设置为\"\" 以禁用该功能
\n\nmountpoint 字符串中的变量:\n- ${clientid}: clientid\n- ${username}: username", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone", + "text" : "zone", + "type" : "String", + "default" : "default" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn", + "text" : "enable_authn", + "type" : "Enum(true,false,quick_deny_anonymous)", + "default" : "true" + }, + { + "doc" : "用于限制当前监听器接受连接的速率。\n\n一旦达到限制,EMQX 将暂停从接受队列中获取连接,从而延迟或拒绝新连接。\n\n例如:\n\n- 1000/s:每秒只接受 1000 个连接。\n- 1000/10s:每 10 秒只接受 1000 个连接。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "String", + "default" : "infinity" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的消息数量。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n例如:\n\n- 500/s:每秒只接收 500 条消息,剩余消息将被延迟。\n- 500/10s:每 10 秒只接收 500 条消息,剩余消息将被延迟。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate", + "text" : "messages_rate", + "type" : "String" + }, + { + "doc" : "用于限制单个客户端每秒钟可以向 EMQX 发送的字节数。\n\n一旦达到限制,EMQX 将暂停从接收缓冲区读取数据,从而减慢甚至暂时挂起发送方。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- 500KB/s:每秒钟只接收 500 千字节,剩余字节将被延迟。\n- 500MB/10s:每 10 秒只接收 500 兆字节,剩余字节将被延迟。", + "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate", + "text" : "bytes_rate", + "type" : "String" + } + ], + "text" : "mqtt_quic_listener" + } + ], + "hash" : "V-listeners-S-listeners-quic", + "text" : "quic", + "type" : 
"Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "全局的 MQTT 配置项。\nmqtt 下所有的配置作为全局的默认值存在,它可以被 zone 中的配置覆盖", + "refs" : [ + { + "doc" : "Global MQTT configuration.", + "hash" : "T-mqtt-S-mqtt", + "fields" : [ + { + "doc" : "设置连接被断开或进入休眠状态前的等待时间,空闲超时后,\n - 如暂未收到客户端的 CONNECT 报文,连接将断开;\n - 如已收到客户端的 CONNECT 报文,连接将进入休眠模式以节省系统资源。\n\n注意:请合理设置该参数值,如等待时间设置过长,可能造成系统资源的浪费。", + "hash" : "V-mqtt-S-mqtt-idle_timeout", + "text" : "idle_timeout", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "\"15s\"" + }, + { + "doc" : "允许的最大 MQTT 报文大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-mqtt-S-mqtt-max_packet_size", + "text" : "max_packet_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "允许的最大 MQTT Client ID 长度。", + "hash" : "V-mqtt-S-mqtt-max_clientid_len", + "text" : "max_clientid_len", + "type" : "Integer(23..65535)", + "default" : "65535" + }, + { + "doc" : "允许的最大主题层级。", + "hash" : "V-mqtt-S-mqtt-max_topic_levels", + "text" : "max_topic_levels", + "type" : "Integer(1..65535)", + "default" : "128" + }, + { + "doc" : "允许的最大主题别名数,0 表示不支持主题别名。", + "hash" : "V-mqtt-S-mqtt-max_topic_alias", + "text" : "max_topic_alias", + "type" : "Integer(0..65535)", + "default" : "65535" + }, + { + "doc" : "是否启用对 MQTT 保留消息的支持。", + "hash" : "V-mqtt-S-mqtt-retain_available", + "text" : "retain_available", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否启用对 MQTT 通配符订阅的支持。", + "hash" : "V-mqtt-S-mqtt-wildcard_subscription", + "text" : "wildcard_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否启用对 MQTT 共享订阅的支持。", + "hash" : "V-mqtt-S-mqtt-shared_subscription", + "text" : "shared_subscription", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "共享订阅的分发策略。\n - random:随机选择一个订阅者进行分发;\n - round_robin:从单个发布者处的消息依次分发给订阅者;\n - round_robin_per_group:所有消息依次分发给订阅者;\n - local:随机选择当前节点上的一个订阅者,如果当前节点没有订阅者,则在集群内随机选择;\n - sticky:持续将消息分发给最初选择的订阅者,直到他们的会话结束;\n - hash_clientid:哈希发布者的客户端 ID 以选择订阅者;\n - hash_topic:哈希发布主题以选择订阅者。", + "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy", + "text" : "shared_subscription_strategy", + "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)", + "default" : "round_robin" + }, + { + "doc" : "当 shared_subscription_strategy 为 `sticky` 时,初始订阅者选择的策略。\n - `random`: 随机选择订阅者;\n - `local`: 随机选择当前节点上的订阅者,如果当前节点上没有订阅者,则在集群中随机选择;\n - `hash_clientid`: 根据发布者的客户端 ID 进行哈希,选择订阅者;\n - `hash_topic`: 根据发布的主题进行哈希,选择订阅者。", + "hash" : 
"V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick", + "text" : "shared_subscription_initial_sticky_pick", + "type" : "Enum(random,local,hash_topic,hash_clientid)", + "default" : "random" + }, + { + "doc" : "是否启用对 MQTT 排它订阅的支持。", + "hash" : "V-mqtt-S-mqtt-exclusive_subscription", + "text" : "exclusive_subscription", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "设置由 MQTT v3.1.1/v3.1.0 客户端发布的消息是否将转发给其本身;类似 MQTT 5.0 协议中的 No Local 选项。", + "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver", + "text" : "ignore_loop_deliver", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否以严格模式解析 MQTT 消息。\n严格模式下,如客户端 ID、主题名称等中包含无效 utf8 字符串,连接将被断开。", + "hash" : "V-mqtt-S-mqtt-strict_mode", + "text" : "strict_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "UTF-8 字符串,用于指定返回给客户端的响应主题,如 reqrsp/,此时请求和应答客户端都需要使用 reqrsp/ 前缀的主题来完成通讯。\n如希望禁用此功能,请在下方的文字框中输入\"\";仅适用于 MQTT 5.0 客户端。", + "hash" : "V-mqtt-S-mqtt-response_information", + "text" : "response_information", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "EMQX 要求的保活时间,如设为 disabled,则将使用客户端指定的保持连接时间;仅适用于 MQTT 5.0 客户端。", + "hash" : "V-mqtt-S-mqtt-server_keepalive", + "text" : "server_keepalive", + "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))", + "default" : "disabled" + }, + { + "doc" : "EMQX 判定客户端 Keep Alive 超时使用的 Keep Alive 倍数。计算公式为:Keep Alive 超时 = Keep Alive 间隔 × Keep Alive 倍数。 默认值 1.5 遵循 MQTT 5.0 规范。此倍数可调整,为系统管理员提供根据特定需求进行定制的灵活性。例如,如果客户端的 10 秒保持连接间隔的 PINGREQ 因为额外的 10 秒延迟,将倍数更改为 2 可以让 EMQX 容忍此延迟。", + "hash" : "V-mqtt-S-mqtt-keepalive_multiplier", + "text" : "keepalive_multiplier", + "type" : "Number", + "default" : "1.5" + }, + { + "doc" : "检查传入 MQTT 数据包的频率,决定服务器检查新 MQTT 数据包的频率。\n如果在没有客户端发送任何数据包的情况下经过了一定时间,这段时间将累加起来。\n一旦累积时间超过 `keepalive-interval * keepalive-multiplier`,连接将被终止。\n默认设置为 30 秒,最小值为 1 秒,最大值为 `keepalive-interval / 2`。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-keepalive_check_interval", + "text" : "keepalive_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "QoS 1/2 消息的重新投递间隔。", + "hash" : "V-mqtt-S-mqtt-retry_interval", + "text" : "retry_interval", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "是否使用用户名作为客户端 ID。\n此设置的作用时间晚于 对端证书作为用户名对端证书作为客户端 ID。", + "hash" : "V-mqtt-S-mqtt-use_username_as_clientid", + "text" : "use_username_as_clientid", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为用户名;仅适用于 TLS 连接。\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DERPEM 的证书内容\n- pem: 将 DER 证书转换为 PEM 格式作为用户名\n- md5: 取 DERPEM 证书内容的 MD5 值", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_username", + "text" : "peer_cert_as_username", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为客户端 ID。仅适用于 TLS 连接;\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DERPEM 证书的内容\n- pem: 将 DER 证书内容转换为 PEM 格式作为客户端 ID\n- md5: 取 DERPEM 证书内容的 MD5 值", + "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid", + "text" : "peer_cert_as_clientid", + "type" : "Enum(disabled,cn,dn,crt,pem,md5)", + "default" : "disabled" + }, + { + "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中。然后,它们可以在身份验证和授权过程的模板中用作占位符。例如,当 `set_as_attr = alias` 时,使用 `${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/` 来初始化每个客户端独有的主题命名空间。", + "refs" : [ + { + "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中。然后,它们可以在身份验证和授权过程的模板中用作占位符。例如,当 `set_as_attr = alias` 时,使用 
`${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/` 来初始化每个客户端独有的主题命名空间。", + "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init", + "fields" : [ + { + "doc" : "单行表达式,用于求值一组预定义的字符串函数(类似规则引擎 SQL 语句中的函数)。\n表达式可以是带有嵌套调用的函数调用,或直接变量引用。\n目前,它不提供用户定义的变量绑定(如 `var a=1`)或用户定义的函数。\n例如,提取以点分隔的客户端 ID 的前缀:`nth(1, tokens(clientid, '.'))`。\n\n预绑定的变量包括:\n- `cn`: 客户端 TLS 证书的常用名称。\n- `dn`: 客户端 TLS 证书的专有名称(主题)。\n- `clientid`: MQTT 客户端 ID。\n- `username`: MQTT 客户端的用户名。\n- `user_property.{NAME}`: CONNECT 包中的用户属性。\n\n您可以在 EMQX 文档中了解更多关于各种表达式的信息。", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression", + "text" : "expression", + "type" : "String" + }, + { + "doc" : "从客户端数据中提取的客户端属性的名称。\n提取的属性将以此名称存储在 `client_attrs` 属性中。", + "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr", + "text" : "set_as_attr", + "type" : "String" + } + ], + "text" : "client_attrs_init" + } + ], + "hash" : "V-mqtt-S-mqtt-client_attrs_init", + "text" : "client_attrs_init", + "type" : "Array(Struct(client_attrs_init))", + "default" : "[]" + }, + { + "doc" : "指定会话将在连接断开后多久过期,仅适用于非 MQTT 5.0 的连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-session_expiry_interval", + "text" : "session_expiry_interval", + "type" : "Duration", + "default" : "\"2h\"" + }, + { + "doc" : "MQTT 消息的过期间隔。对于 MQTT 5.0 客户端,此配置仅在消息中未设置 Message-Expiry-Interval 属性时生效;否则,将使用 Message-Expiry-Interval 属性的值。对于 5.0 之前的 MQTT 版本,此配置将始终生效。请注意,将 message_expiry_interval 设置为大于 session_expiry_interval 是没有意义的,因为会话过期时所有消息将被清除。", + "hash" : "V-mqtt-S-mqtt-message_expiry_interval", + "text" : "message_expiry_interval", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "每个发布者的会话中,都存在一个队列来处理客户端发送的 QoS 2 消息。该队列会存储 QoS 2 消息的报文 ID 直到收到客户端的 PUBREL 或超时,达到队列长度的限制后,新的 QoS 2 消息发布会被拒绝,并返回 `147(0x93)` 错误。", + "hash" : "V-mqtt-S-mqtt-max_awaiting_rel", + "text" : "max_awaiting_rel", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "100" + }, + { + "doc" : "允许的最大 QoS 等级。", + "hash" : "V-mqtt-S-mqtt-max_qos_allowed", + "text" : "max_qos_allowed", + "type" : "Integer(0..2)", + "default" : "2" + }, + { + "doc" : "主题优先级。取值范围 [1-255]\n默认优先级表为空,即所有的主题优先级相同。\n\n注:优先主题名称中不支持使用逗号和等号。\n注:不在此列表中的主题,被视为最高/最低优先级,这取决于mqtt.mqueue_default_priority 的配置。\n\n示例:\n配置 \"topic/1\" > \"topic/2\":\nmqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}", + "hash" : "V-mqtt-S-mqtt-mqueue_priorities", + "text" : "mqueue_priorities", + "type" : "OneOf(String(\"disabled\"),Map)", + "default" : "disabled" + }, + { + "doc" : "默认的主题优先级,不在 主题优先级mqueue_priorities) 中的主题将会使用该优先级。", + "hash" : "V-mqtt-S-mqtt-mqueue_default_priority", + "text" : "mqueue_default_priority", + "type" : "Enum(highest,lowest)", + "default" : "lowest" + }, + { + "doc" : "指定在连接断开但会话保持期间,是否需要在消息队列中存储 QoS 0 消息。", + "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0", + "text" : "mqueue_store_qos0", + "type" : "Boolean", + "default" : "true" + }, + { + 
"doc" : "消息队列最大长度。持久客户端断开连接或飞行窗口已满时排队的消息长度。", + "hash" : "V-mqtt-S-mqtt-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))", + "default" : "1000" + }, + { + "doc" : "允许在完成应答前同时投递的 QoS 1 和 QoS 2 消息的最大数量。", + "hash" : "V-mqtt-S-mqtt-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..65535)", + "default" : "32" + }, + { + "doc" : "允许每个客户端建立的最大订阅数量。", + "hash" : "V-mqtt-S-mqtt-max_subscriptions", + "text" : "max_subscriptions", + "type" : "OneOf(Integer(1..inf),String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "投递消息时,是否根据订阅主题时的 QoS 等级来强制提升派发的消息的 QoS 等级。", + "hash" : "V-mqtt-S-mqtt-upgrade_qos", + "text" : "upgrade_qos", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "客户端发布 QoS 2 消息时,服务器等待 `PUBREL` 的最长时延。超过该时长后服务器会放弃等待,该 PACKET ID 会被释放,从而允许后续新的 PUBLISH 消息使用。如果超时后收到 PUBREL,服务器将会产生一条告警日志。注意,向订阅客户端转发消息的动作发生在进入等待之前。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-mqtt-S-mqtt-await_rel_timeout", + "text" : "await_rel_timeout", + "type" : "Duration", + "default" : "\"300s\"" + } + ], + "text" : "mqtt" + } + ], + "hash" : "V-mqtt", + "text" : "mqtt", + "type" : "Struct(mqtt)" + }, + { + "doc" : "默认的 MQTT 监听器的全局认证配置。\n\n有关每个监听器的单独配置,请参阅监听器配置中的authentication。\n\n此选项可配置为:\n
    \n
  • []: 默认值,允许 *所有* 登录
  • \n
  • one: 例如 {enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}
  • \n
  • chain: 结构体数组。
  • \n
\n\n当配置了一个认证链时,登录凭据将按照配置的顺序检查后端,直到可以做出'允许'或'拒绝'的决定。\n\n如果在完全遍历认证链之后没有决定,登录将被拒绝。", + "refs" : [ + { + "doc" : "使用内置数据库作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-builtin_db", + "fields" : [ + { + "doc" : "Options for password hash creation and verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm (for DB backends with write capability).", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + }, + { + "doc" : "Work factor for BCRYPT password generation.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds", + "text" : "salt_rounds", + "type" : "Integer(5..10)", + "default" : "10" + } + ], + "text" : "bcrypt_rw" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-builtin_db-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-builtin_db-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-builtin_db-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "指定用于客户端身份 ID 认证的字段。", + "hash" : "V-authentication-S-builtin_db-user_id_type", + "text" : "user_id_type", + "type" : "Enum(clientid,username)", + "default" : "username" + }, + { + "doc" : "引导文件将用户导入内置数据库。\n对于数据库中已存在的用户 ID,不会重复导入。\n文件内容格式由 `bootstrap_type` 决定。", + "hash" : "V-authentication-S-builtin_db-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\"" + }, + { + "doc" : "指定引导文件的内容类型。\n\n- **`plain`**:\n - 所需数据字段: `user_id`, `password`, `is_superuser`\n - `user_id`: 可以是客户端 ID 
或用户名,具体取决于内置数据库认证的 `user_id_type` 配置。\n - `password`: 用户的明文密码。\n - `is_superuser`: 布尔值,用户是否为管理员。\n\n- **`hash`**:\n - 所需数据字段 `user_id`,`password_hash`,`salt`,`is_superuser`\n - 定义与 `plain` 类型相似,为提高安全性增加了 `password_hash` 和 `salt`。\n\n内容可以是 CSV 或 JSON 格式。\n\n这是一个 CSV 示例:`user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nJSON 内容应解码为对象数组,例如:`[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\n`password_hash` 的哈希字符串取决于内容数据库认证机制中 `password_hash_algorithm` 的配置。例如,如果配置为 `password_hash_algorithm {name = sha256, salt_position = suffix}`,则在哈希之前将 salt 添加到密码中。等效的 Python 表达式为: `hashlib.sha256(password + salt).hexdigest()`.", + "hash" : "V-authentication-S-builtin_db-bootstrap_type", + "text" : "bootstrap_type", + "type" : "Enum(hash,plain)", + "default" : "plain" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "使用 MySQL 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mysql", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mysql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mysql-backend", + "text" : "backend", + "type" : "String(\"mysql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : 
"V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mysql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。", + "hash" : "V-authentication-S-mysql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "SQL 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mysql-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。", + "hash" : "V-authentication-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mysql" + }, + { + "doc" : "使用 PostgreSQL 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-postgresql", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-postgresql-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-postgresql-backend", + "text" : "backend", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations", + "text" : 
"iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-postgresql-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。", + "hash" : "V-authentication-S-postgresql-query", + "text" : "query", + "type" : "String" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。", + "hash" : "V-authentication-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-authentication-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "postgresql" + }, + { + "doc" : "使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_single", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_single-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_single-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_single-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_single-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT 
password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。", + "hash" : "V-authentication-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。", + "hash" : "V-authentication-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "使用 MongoDB (Replica Set) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_rs", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_rs-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_rs-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_rs-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_rs-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_rs-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" 
: "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。", + "hash" : "V-authentication-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authentication-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "读取模式。", + "hash" : "V-authentication-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "副本集的名称。", + "hash" : "V-authentication-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" 
: "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-mongo_sharded", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-mongo_sharded-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-mongo_sharded-backend", + "text" : "backend", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "存储认证数据的集合。", + "hash" : "V-authentication-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID", + "hash" : "V-authentication-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "存储密码散列值字段。", + "hash" : "V-authentication-S-mongo_sharded-password_hash_field", + "text" : "password_hash_field", + "type" : "String", + "default" : "password_hash" + }, + { + "doc" : "用于存储盐值的字段。", + "hash" : "V-authentication-S-mongo_sharded-salt_field", + "text" : "salt_field", + "type" : "String", + "default" : "salt" + }, + { + "doc" : "定义用户是否具有超级用户权限的字段。", + "hash" : "V-authentication-S-mongo_sharded-is_superuser_field", + "text" : "is_superuser_field", + "type" : "String", + "default" : "is_superuser" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : 
"BCRYPT password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. 
If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。", + "hash" : "V-authentication-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authentication-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authentication-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authentication-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : 
"V-authentication-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authentication-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authentication-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authentication-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authentication-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "使用 Redis (Standalone) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_single", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_single-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_single-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_single-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。", + "hash" : "V-authentication-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-redis_single-pool_size", + "text" : "pool_size", + 
"type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authentication-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_single" + }, + { + "doc" : "使用 Redis (Cluster) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_cluster", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_cluster-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_cluster-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。", + "hash" : "V-authentication-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : 
"V-authentication-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-redis_sentinel", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-redis_sentinel-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-redis_sentinel-backend", + "text" : "backend", + "type" : "String(\"redis\")" + }, + { + "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGETHMGET。", + "hash" : "V-authentication-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + }, + { + "doc" : "Options for password hash verification.", + "refs" : [ + { + "doc" : "Settings for bcrypt password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt", + "fields" : [ + { + "doc" : "BCRYPT password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name", + "text" : "name", + "type" : "String(\"bcrypt\")" + } + ], + "text" : "bcrypt" + }, + { + "doc" : "Settings for PBKDF2 password hashing algorithm.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2", + "fields" : [ + { + "doc" : "PBKDF2 password hashing.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name", + "text" : "name", + "type" : "String(\"pbkdf2\")" + }, + { + "doc" : "Specifies mac_fun for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun", + "text" : "mac_fun", + "type" : 
"Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)" + }, + { + "doc" : "Iteration count for PBKDF2 hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations", + "text" : "iterations", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length", + "text" : "dk_length", + "type" : "Integer(1..+inf)" + } + ], + "text" : "pbkdf2" + }, + { + "doc" : "Settings for simple algorithms.", + "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple", + "fields" : [ + { + "doc" : "Simple password hashing algorithm.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name", + "text" : "name", + "type" : "Enum(plain,md5,sha,sha256,sha512)" + }, + { + "doc" : "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.", + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position", + "text" : "salt_position", + "type" : "Enum(disable,prefix,suffix)", + "default" : "prefix" + } + ], + "text" : "simple" + } + ], + "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm", + "text" : "password_hash_algorithm", + "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))", + "default" : "{name = sha256, salt_position = prefix}" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authentication-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。", + "hash" : "V-authentication-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "Redis sentinel 模式下的集群名称。", + 
"hash" : "V-authentication-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authentication-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authentication-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 GET 请求)。", + "hash" : "T-authentication-S-http_get", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "HTTP Headers 列表 (无 content-type) 。", + "hash" : "V-authentication-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-http_get-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-http_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-http_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "http_get" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 POST 请求)。", + "hash" : "T-authentication-S-http_post", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "HTTP Headers 列表", + "hash" : "V-authentication-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-http_post-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-http_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-http_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "http_post" + }, + { + "doc" : "用于认证的 JWT 使用 HMAC 算法签发时的配置。", + "hash" : "T-authentication-S-jwt_hmac", + "fields" : [ + { + "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。", + "hash" : "V-authentication-S-jwt_hmac-algorithm", + "text" : "algorithm", + "type" : "Enum(hmac-based)" + }, + { + "doc" : "使用 HMAC 算法时用于验证 JWT 的密钥", + "hash" : "V-authentication-S-jwt_hmac-secret", + "text" : "secret", + "type" : "String" + }, + { + "doc" : "密钥是否为 base64 编码。", + "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded", + "text" : "secret_base64_encoded", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_hmac-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_hmac-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : 
"V-authentication-S-jwt_hmac-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : "V-authentication-S-jwt_hmac-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_hmac" + }, + { + "doc" : "用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。", + "hash" : "T-authentication-S-jwt_public_key", + "fields" : [ + { + "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。", + "hash" : "V-authentication-S-jwt_public_key-algorithm", + "text" : "algorithm", + "type" : "Enum(public-key)" + }, + { + "doc" : "用于验证 JWT 的公钥。", + "hash" : "V-authentication-S-jwt_public_key-public_key", + "text" : "public_key", + "type" : "String" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_public_key-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_public_key-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : "V-authentication-S-jwt_public_key-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : 
"V-authentication-S-jwt_public_key-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_public_key" + }, + { + "doc" : "用于认证的 JWTs 需要从 JWKS 端点获取时的配置。", + "hash" : "T-authentication-S-jwt_jwks", + "fields" : [ + { + "doc" : "是否使用 JWKS。", + "hash" : "V-authentication-S-jwt_jwks-use_jwks", + "text" : "use_jwks", + "type" : "Enum(true)" + }, + { + "doc" : "JWKS 端点, 它是一个以 JWKS 格式返回服务端的公钥集的只读端点。", + "hash" : "V-authentication-S-jwt_jwks-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "JWKS 请求中需要发送的 HTTP 请求头列表。", + "hash" : "V-authentication-S-jwt_jwks-headers", + "text" : "headers", + "type" : "Map", + "default" : "{Accept = \"application/json\"}" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-jwt_jwks-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "JWKS 刷新间隔。", + "hash" : "V-authentication-S-jwt_jwks-refresh_interval", + "text" : "refresh_interval", + "type" : "Integer", + "default" : "300" + }, + { + "doc" : "SSL 选项。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-jwt_jwks-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-jwt_jwks-mechanism", + "text" : "mechanism", + "type" : "String(\"jwt\")" + }, + { + "doc" : "用于获取 ACL 规则的 JWT 声明名称。", + "hash" : "V-authentication-S-jwt_jwks-acl_claim_name", + "text" : "acl_claim_name", + "type" : "String", + "default" : "acl" + }, + { + "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。", + "hash" : "V-authentication-S-jwt_jwks-verify_claims", + "text" : "verify_claims", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "在 token 过期后断开客户端连接。", + "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire", + "text" : "disconnect_after_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "指定客户端连接请求中 JWT 的位置。", + "hash" : "V-authentication-S-jwt_jwks-from", + "text" : "from", + "type" : "Enum(username,password)", + "default" : "password" + } + ], + "text" : "jwt_jwks" + }, + { + "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication.", + "hash" : "T-authentication-S-scram", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-scram-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-scram-backend", + "text" : "backend", + "type" : "String(\"built_in_database\")" + }, + { 
+ "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + } + ], + "text" : "scram" + }, + { + "doc" : "使用 LDAP 作为认证数据源的认证器的配置项。", + "hash" : "T-authentication-S-ldap", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-ldap-mechanism", + "text" : "mechanism", + "type" : "String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-ldap-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "LDAP 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authentication-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authentication-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authentication-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authentication-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "认证方式。", + "refs" : [ + { + "doc" : "通过将本地密码与经过由`密码属性`指定的算法加密的密码进行比对来进行认证。", + "hash" : "T-authentication-S-ldap-method-S-hash_method", + "fields" : [ + { + "doc" : "认证方式类型。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-type", + "text" : "type", + "type" : "Enum(hash)", + "default" : "hash" + }, + { + "doc" : "指示哪个属性用于表示用户密码。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "指示哪个属性用于表示用户是否为超级用户。", + "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "hash_method" + }, + { + "doc" : "通过 LDAP 绑定操作进行认证。", + "hash" : "T-authentication-S-ldap-method-S-bind_method", + "fields" : [ + { + "doc" : "认证方式类型。", + "hash" : "V-authentication-S-ldap-method-S-bind_method-type", + "text" : "type", + "type" : "Enum(bind)", + "default" : "bind" + }, + { + "doc" : "绑定密码的模版", + "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password", + "text" : "bind_password", + "type" : "String", + "default" : "\"${password}\"" + } + ], + "text" : "bind_method" + } + ], + "hash" : "V-authentication-S-ldap-method", + "text" : "method", + "type" : "OneOf(Struct(hash_method),Struct(bind_method))" + } + ], + "text" : "ldap" + }, + { + "doc" : "这是一种已弃用的形式,应避免使用。", + "hash" : "T-authentication-S-ldap_deprecated", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-ldap_deprecated-mechanism", + "text" : "mechanism", + "type" : 
"String(\"password_based\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-ldap_deprecated-backend", + "text" : "backend", + "type" : "String(\"ldap\")" + }, + { + "doc" : "LDAP 查询的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authentication-S-ldap_deprecated-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authentication-S-ldap_deprecated-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authentication-S-ldap_deprecated-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap_deprecated-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authentication-S-ldap_deprecated-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authentication-S-ldap_deprecated-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authentication-S-ldap_deprecated-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-ldap_deprecated-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authentication-S-ldap_deprecated-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + }, + { + "doc" : "指示哪个属性用于表示用户密码。", + "hash" : "V-authentication-S-ldap_deprecated-password_attribute", + "text" : "password_attribute", + "type" : "String", + "default" : "userPassword" + }, + { + "doc" : "指示哪个属性用于表示用户是否为超级用户。", + "hash" : "V-authentication-S-ldap_deprecated-is_superuser_attribute", + "text" : "is_superuser_attribute", + "type" : "String", + "default" : "isSuperuser" + } + ], + "text" : "ldap_deprecated" + }, + { + "doc" : "使用 GCP 设备作为认证数据源的认证器配置。", + "hash" : "T-authentication-S-gcp_device", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-gcp_device-mechanism", + "text" : "mechanism", + "type" : "String(\"gcp_device\")" + } + ], + "text" : "gcp_device" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 GET 请求)。", + "hash" : "T-authentication-S-scram_restapi_get", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-scram_restapi_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "HTTP Headers 列表 (无 content-type) 。", + "hash" : "V-authentication-S-scram_restapi_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-scram_restapi_get-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-scram_restapi_get-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : 
"V-authentication-S-scram_restapi_get-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram_restapi_get-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-scram_restapi_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-scram_restapi_get-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_get-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-scram_restapi_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-scram_restapi_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-scram_restapi_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-scram_restapi_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-scram_restapi_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-scram_restapi_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "scram_restapi_get" + }, + { + "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 POST 请求)。", + "hash" : "T-authentication-S-scram_restapi_post", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-scram_restapi_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "HTTP Headers 列表", + "hash" : "V-authentication-S-scram_restapi_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + }, + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-scram_restapi_post-mechanism", + "text" : "mechanism", + "type" : "String(\"scram\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-scram_restapi_post-backend", + "text" : "backend", + "type" : "String(\"http\")" + }, + { + "doc" : "Hashing algorithm.", + "hash" : "V-authentication-S-scram_restapi_post-algorithm", + "text" : "algorithm", + "type" : "Enum(sha256,sha512)", + "default" : "sha256" + }, + { + "doc" : "Iteration count.", + "hash" : "V-authentication-S-scram_restapi_post-iteration_count", + "text" : "iteration_count", + "type" : "Integer(0..+inf)", + "default" : "4096" + }, + { + "doc" : "认证 HTTP 服务器地址。", + "hash" : "V-authentication-S-scram_restapi_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求体。", + "hash" : "V-authentication-S-scram_restapi_post-body", + "text" : "body", + "type" : "Map" + }, + { + "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_post-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authentication-S-scram_restapi_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authentication-S-scram_restapi_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authentication-S-scram_restapi_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authentication-S-scram_restapi_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authentication-S-scram_restapi_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authentication-S-scram_restapi_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "scram_restapi_post" + }, + { + "doc" : "Settings for Kerberos authentication.", + "hash" : "T-authentication-S-kerberos", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-kerberos-mechanism", + "text" : "mechanism", + "type" : "String(\"gssapi\")" + }, + { + "doc" : "后端类型。", + "hash" : "V-authentication-S-kerberos-backend", + "text" : "backend", + "type" : "String(\"kerberos\")" + }, + { + "doc" : "服务器的 Kerberos 主体。\n例如: mqtt/emqx-cluster-1.example.com@MY_REALM.EXAMPLE.COM。\n注意:所使用的领域需要在 EMQX 节点的 /etc/krb5.conf 文件中配置。", + "hash" : "V-authentication-S-kerberos-principal", + "text" : "principal", + "type" : "String" + } + ], + "text" : "kerberos" + }, + { + "doc" : "基于客户端信息(如用户名、客户端ID、\n客户端属性以及从 TLS 证书提取的数据)进行客户端认证。", + "hash" : "T-authentication-S-cinfo", + "fields" : [ + { + "doc" : "认证方式。", + "hash" : "V-authentication-S-cinfo-mechanism", + "text" : "mechanism", + "type" : "String(\"cinfo\")" + }, + { + "doc" : "对客户端信息执行的一组检查。\n如果所有检查都被跳过,则返回默认结果 `ignore`。\n`ignore` 结果表示将认证流程交由链中的下一个认证器处理。", + "refs" : [ + { + "doc" : "对客户端信息进行的检查。\n它定义了一个匹配条件,并在条件为 `true` 时返回结果。\n如果所有检查都被跳过,则返回默认结果 `ignore`。", + "hash" : "T-authentication-S-cinfo-checks-S-cinfo_check", + "fields" : [ + { + "doc" : "一个 Variform 表达式或表达式数组,用于评估一组从客户端信息派生的预绑定变量。\n支持的变量:\n- `username`: 客户端的用户名。\n- `password`:客户端的密码。\n- `clientid`: 客户端的客户端。\n- `client_attrs.*`: 客户端的客户端属性。\n- `peerhost`: 客户端的 IP 地址。\n- `cert_subject`: TLS 证书的主体\n- `cert_common_name`: TLS 证书通用名称。\n- `zone`:与接受客户端的监听器关联的配置区域。\n如果所有表达式的结果都是字符串值 'true',则从此认证器返回关联的 result。\n如果任何表达式的结果不是 
'true',则跳过当前检查。", + "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-is_match", + "text" : "is_match", + "type" : "OneOf(String,Array(String))" + }, + { + "doc" : "当匹配条件为 `true` 时返回的结果。\n支持的结果:\n- `ignore`: 将身份验证交由链中的下一个认证器处理。\n- `allow`: 允许客户端连接。\n- `deny`: 拒绝客户端连接。", + "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-result", + "text" : "result", + "type" : "Enum(allow,deny,ignore)" + } + ], + "text" : "cinfo_check" + } + ], + "hash" : "V-authentication-S-cinfo-checks", + "text" : "checks", + "type" : "Array(Struct(cinfo_check))" + } + ], + "text" : "cinfo" + } + ], + "hash" : "V-authentication", + "text" : "authentication", + "type" : "Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(ldap_deprecated),Struct(gcp_device),Struct(scram_restapi_get),Struct(scram_restapi_post),Struct(kerberos),Struct(cinfo)))", + "default" : "[]" + }, + { + "doc" : "授权(ACL)。EMQX 支持完整的客户端访问控制(ACL)。", + "refs" : [ + { + "doc" : "授权相关", + "hash" : "T-authorization-S-authorization", + "fields" : [ + { + "doc" : "如果用户或客户端不匹配 ACL 规则,或者从可配置授权源(比如内置数据库、HTTP API 或 PostgreSQL 等。)内未找\n到此类用户或客户端时,模式的认访问控制操作。\n在“授权”中查找更多详细信息。", + "hash" : "V-authorization-S-authorization-no_match", + "text" : "no_match", + "type" : "Enum(allow,deny)", + "default" : "allow" + }, + { + "doc" : "授权检查拒绝操作时的操作。", + "hash" : "V-authorization-S-authorization-deny_action", + "text" : "deny_action", + "type" : "Enum(ignore,disconnect)", + "default" : "ignore" + }, + { + "refs" : [ + { + "doc" : "Settings for the authorization cache.", + "hash" : "T-authorization-S-authorization-cache-S-authz_cache", + "fields" : [ + { + "doc" : "缓存项的最大数量。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size", + "text" : "max_size", + "type" : 
"Integer(1..1048576)", + "default" : "32" + }, + { + "doc" : "缓存数据的生存时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl", + "text" : "ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "排除主题列表,列表内的主题将不会生成授权缓存。", + "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes", + "text" : "excludes", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "authz_cache" + } + ], + "hash" : "V-authorization-S-authorization-cache", + "text" : "cache", + "type" : "Struct(authz_cache)" + }, + { + "doc" : "
\n授权(ACL)数据提供者的数组。\n它被设计为一个数组,而不是哈希映射,因此可以\n将源按顺序排列形成访问控制链。
\n\n在授权 '发布' 或 '订阅' 操作时,配置的\n源会按顺序检查。在检查 ACL 源时,\n如果未找到客户端(通过用户名或客户端 ID 标识),\n则继续检查下一个源。一旦返回 '允许' 或 '拒绝' 决定,\n立即停止检查。
\n\n如果在任何源中都未找到客户端,\n则应用 'authorization.no_match' 中配置的默认操作。
\n\n注意:\n源元素由它们的 '类型' 标识。\n不允许配置两个或更多相同类型的源。", + "refs" : [ + { + "doc" : "使用 ACL 文件授权。", + "hash" : "T-authorization-S-authorization-sources-S-file", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-file-type", + "text" : "type", + "type" : "String(\"file\")" + }, + { + "doc" : "包含 ACL 规则的文件路径。\n如果该文件在启动 EMQX 节点之前已经配置好,\n只要 EMQX 有读取权限,它可以放置在任何位置。\n即,EMQX 将把它视为只读。\n\n如果规则集是从 EMQX Dashboard 或 HTTP API 创建或更新的,\n将创建一个新文件并放置在 EMQX 的 data_dir 中的 authz 子目录下,\n旧文件将不再使用。", + "hash" : "V-authorization-S-authorization-sources-S-file-path", + "text" : "path", + "type" : "String" + } + ], + "text" : "file" + }, + { + "doc" : "使用内置数据库 (mnesia) 进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-builtin_db", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type", + "text" : "type", + "type" : "String(\"built_in_database\")" + }, + { + "doc" : "每个客户端/用户的最大规则数。请注意,随着规则数量的增加,性能可能会下降。", + "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules", + "text" : "max_rules", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "builtin_db" + }, + { + "doc" : "使用外部 HTTP 服务器授权(GET 请求)。", + "hash" : "T-authorization-S-authorization-sources-S-http_get", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-http_get-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "认证服务器地址", + "hash" : "V-authorization-S-authorization-sources-S-http_get-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求超时。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP 请求体", + "hash" : "V-authorization-S-authorization-sources-S-http_get-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求方法", + "hash" : "V-authorization-S-authorization-sources-S-http_get-method", + "text" : "method", + "type" : "String(\"get\")" + }, + { + "doc" : "HTTP Headers 列表 (无 content-type) 。", + "hash" : "V-authorization-S-authorization-sources-S-http_get-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_get" + }, + { + "doc" : "使用外部 HTTP 服务器授权(POST 请求)。", + "hash" : "T-authorization-S-authorization-sources-S-http_post", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-http_post-type", + "text" : "type", + "type" : "String(\"http\")" + }, + { + "doc" : "认证服务器地址", + "hash" : "V-authorization-S-authorization-sources-S-http_post-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求超时。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout", + "text" : "request_timeout", + "type" : "String", + "default" : "\"30s\"" + }, + { + "doc" : "HTTP 请求体", + "hash" : "V-authorization-S-authorization-sources-S-http_post-body", + "text" : "body", + "type" : "Map($name->String)" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "配置 HTTP 请求参数。", + "refs" : [ + { + "doc" : "", + "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request", + "fields" : [ + { + "doc" : "HTTP 请求方法。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method", + "text" : "method", + "type" : "String" + }, + { + "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "request" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-request", + "text" : "request", + "type" : "Struct(request)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求方法", + "hash" : "V-authorization-S-authorization-sources-S-http_post-method", + "text" : "method", + "type" : "String(\"post\")" + }, + { + "doc" : "HTTP Headers 列表", + "hash" : "V-authorization-S-authorization-sources-S-http_post-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}" + } + ], + "text" : "http_post" + }, + { + "doc" : "使用单个 Redis 实例进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_single", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type", + "text" : "redis_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : 
"V-authorization-S-authorization-sources-S-redis_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_single" + }, + { + "doc" : "使用 Redis Sentinel 进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "Redis sentinel 模式下的集群名称。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_sentinel" + }, + { + "doc" : "使用 Redis 集群进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type", + "text" : "type", + "type" : "String(\"redis\")" + }, + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd", + "text" : "cmd", + "type" : "String" + } + ], + "text" : "redis_cluster" + }, + { + "doc" : "使用 MySQL 数据库进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-mysql", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mysql-type", + "text" : "type", + "type" : "String(\"mysql\")" + }, + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "SQL 预处理语句列表。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-mysql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "mysql" + }, + { + "doc" : "使用 PostgreSQL 数据库进行授权。", + "hash" : "T-authorization-S-authorization-sources-S-postgresql", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-type", + "text" : "type", + "type" : "String(\"postgresql\")" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "SQL 预处理语句列表。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement", + "text" : "prepare_statement", + "type" : "Map" + }, + { + "doc" : "用于检索授权数据的数据库查询。", + "hash" : "V-authorization-S-authorization-sources-S-postgresql-query", + "text" : "query", + "type" : "String" + } + ], + "text" : "postgresql" + }, + { + "doc" : "使用 MongoDB 授权(单实例)。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_single" + }, + { + "doc" : "使用 MongoDB 授权(副本集模式)", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "读取模式。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "副本集的名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_rs" + }, + { + "doc" : "使用 MongoDB 授权(分片集群模式)。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type", + "text" : "type", + "type" : "String(\"mongodb\")" + }, + { + "doc" : "包含授权数据的 `MongoDB` 集合。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection", + "text" : "collection", + "type" : "String" + }, + { + "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter", + "text" : "filter", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "mongo_sharded" + }, + { + "doc" : "AuthZ with LDAP", + "hash" : "T-authorization-S-authorization-sources-S-ldap", + "fields" : [ + { + "doc" : "数据后端类型", + "hash" : "V-authorization-S-authorization-sources-S-ldap-type", + "text" : "type", + "type" : "String(\"ldap\")" + }, + { + "doc" : "表示使用哪个属性来表示允许`发布`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute", + "text" : "publish_attribute", + "type" : "String", + "default" : "mqttPublishTopic" + }, + { + "doc" : "表示使用哪个属性来表示允许`订阅`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute", + "text" : "subscribe_attribute", + "type" : "String", + "default" : "mqttSubscriptionTopic" + }, + { + "doc" : "表示使用哪个属性来表示允许`发布`和`订阅`的主题列表。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute", + "text" : "all_attribute", + "type" : "String", + "default" : "mqttPubSubTopic" + }, + { + "doc" : "LDAP 查询超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(objectClass=mqttUser)\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-authorization-S-authorization-sources", + "text" : "sources", + "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))", + "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]" + } + ], + "text" : "authorization" + } + ], + "hash" : "V-authorization", + "text" : "authorization", + "type" : "Struct(authorization)" + }, + { + "refs" : [ + { + "doc" : "节点名称、Cookie、配置文件、数据目录和 Erlang 虚拟机(BEAM)启动参数。", + "hash" : "T-node-S-node", + "fields" : [ + { + "doc" : "节点名。格式为 \\@\\。其中 可以是 IP 地址,也可以是 FQDN。\n详见 http://erlang.org/doc/reference_manual/distributed.html。", + "hash" : "V-node-S-node-name", + "text" : "name", + "type" : "String", + "default" : "\"emqx@127.0.0.1\"" + }, + { + "doc" : "分布式 Erlang 集群使用的 cookie 值。集群间保持一致", + "hash" : "V-node-S-node-cookie", + "text" : "cookie", + "type" : "String" + }, + { + "doc" : "Erlang 系统同时存在的最大端口数。\n实际选择的最大值可能比设置的数字大得多。\n参考: https://www.erlang.org/doc/man/erl.html", + "hash" : "V-node-S-node-max_ports", + "text" : "max_ports", + "type" : "Integer(1024..134217727)", + "default" : "1048576" + }, + { + "doc" : "Erlang 分布式缓冲区的繁忙阈值,单位是 KB。", + "hash" : "V-node-S-node-dist_buffer_size", + "text" : "dist_buffer_size", + "type" : "Integer(1..2097151)", + "default" : "8192" + }, + { + "doc" : "节点数据存放目录,可能会自动创建的子目录如下:
\n- `mnesia/`。EMQX 的内置数据库目录。例如,`mnesia/emqx@127.0.0.1`。
\n如果节点要被重新命名(例如,`emqx@10.0.1.1`)。旧目录应该首先被删除。
\n- `configs`。在启动时生成的配置,以及集群/本地覆盖的配置。
\n- `patches`: 热补丁文件将被放在这里。
\n- `trace`: 日志跟踪文件。
\n\n**注意**: 一个数据 dir 不能被两个或更多的 EMQX 节点同时使用。", + "hash" : "V-node-S-node-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "系统调优参数,设置节点运行多久强制进行一次全局垃圾回收。禁用设置为 disabled。", + "hash" : "V-node-S-node-global_gc_interval", + "text" : "global_gc_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"15m\"" + }, + { + "doc" : "选择节点的角色。
\ncore 节点提供数据的持久性,并负责写入。建议将核心节点放置在不同的机架或不同的可用区。
\nrepliant 节点是临时工作节点。 从集群中删除它们,不影响数据库冗余
\n建议复制节点多于核心节点。
\n注意:该参数仅在设置backend时生效到 rlog。", + "hash" : "V-node-S-node-role", + "aliases" : [ + "db_role" + ], + "text" : "role", + "type" : "Enum(core,replicant)", + "default" : "core" + } + ], + "text" : "node" + } + ], + "hash" : "V-node", + "text" : "node", + "type" : "Struct(node)" + }, + { + "refs" : [ + { + "doc" : "EMQX 节点可以组成一个集群,以提高总容量。
这里指定了节点之间如何连接。", + "hash" : "T-cluster-S-cluster", + "fields" : [ + { + "doc" : "EMQX 集群名称。每个集群都有一个唯一的名称。服务发现时会用于做路径的一部分。", + "hash" : "V-cluster-S-cluster-name", + "text" : "name", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "集群节点发现方式。可选值为:\n- manual: 使用 emqx ctl cluster 命令管理集群。
\n- static: 配置静态节点。配置几个固定的节点,新节点通过连接固定节点中的某一个来加入集群。
\n- dns: 使用 DNS A 记录的方式发现节点。
\n- etcd: 使用 etcd 发现节点。
\n- k8s: 使用 Kubernetes API 发现节点。", + "hash" : "V-cluster-S-cluster-discovery_strategy", + "text" : "discovery_strategy", + "type" : "Enum(manual,static,singleton,dns,etcd,k8s)", + "default" : "manual" + }, + { + "doc" : "指定多久之后从集群中删除离线节点。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-autoclean", + "text" : "autoclean", + "type" : "Duration", + "default" : "\"24h\"" + }, + { + "doc" : "集群脑裂自动恢复机制开关。", + "hash" : "V-cluster-S-cluster-autoheal", + "text" : "autoheal", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "分布式 Erlang 集群协议类型。可选值为:
\n- inet_tcp: 使用 IPv4
\n- inet_tls: 使用 TLS,需要配合 etc/ssl_dist.conf 一起使用。
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, 与 etc/ssl_dist.conf 配合使用。", + "hash" : "V-cluster-S-cluster-proto_dist", + "text" : "proto_dist", + "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)", + "default" : "inet_tcp" + }, + { + "refs" : [ + { + "doc" : "静态节点服务发现。新节点通过连接一个节点来加入集群。", + "hash" : "T-cluster-S-cluster-static-S-cluster_static", + "fields" : [ + { + "doc" : "集群中的 EMQX 节点名称列表,\n指定固定的节点列表,多个节点间使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 static 时,此配置项才有效。\n适合于节点数量较少且固定的集群。", + "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds", + "text" : "seeds", + "type" : "OneOf(String,Array(String))", + "default" : "[]" + } + ], + "text" : "cluster_static" + } + ], + "hash" : "V-cluster-S-cluster-static", + "text" : "static", + "type" : "Struct(cluster_static)" + }, + { + "refs" : [ + { + "doc" : "DNS SRV 记录服务发现。", + "hash" : "T-cluster-S-cluster-dns-S-cluster_dns", + "fields" : [ + { + "doc" : "指定 DNS A 记录的名字。emqx 会通过访问这个 DNS A 记录来获取 IP 地址列表。\n当cluster.discovery_strategydns 时有效。", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name", + "text" : "name", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "DNS 记录类型。", + "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type", + "text" : "record_type", + "type" : "Enum(a,aaaa,srv)", + "default" : "a" + } + ], + "text" : "cluster_dns" + } + ], + "hash" : "V-cluster-S-cluster-dns", + "text" : "dns", + "type" : "Struct(cluster_dns)" + }, + { + "refs" : [ + { + "doc" : "使用 'etcd' 服务的服务发现。", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd", + "fields" : [ + { + "doc" : "指定 etcd 服务的地址。如有多个服务使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "指定 etcd 路径的前缀。每个节点在 etcd 中都会创建一个路径:\nv2/keys///
\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix", + "text" : "prefix", + "type" : "String", + "default" : "emqxcl" + }, + { + "doc" : "指定 etcd 中节点信息的过期时间。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl", + "text" : "node_ttl", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "当使用 TLS 连接 etcd 时的配置选项。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options", + "aliases" : [ + "ssl" + ], + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "cluster_etcd" + } + ], + "hash" : "V-cluster-S-cluster-etcd", + "text" : "etcd", + "type" : "Struct(cluster_etcd)" + }, + { + "refs" : [ + { + "doc" : "Kubernetes 服务发现。", + "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s", + "fields" : [ + { + "doc" : "指定 Kubernetes API Server。如有多个 Server 使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver", + "text" : "apiserver", + "type" : "String", + "default" : "\"https://kubernetes.default.svc:443\"" + }, + { + "doc" : "指定 Kubernetes 中 EMQX 的服务名。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name", + "text" : "service_name", + "type" : "String", + "default" : "emqx" + }, + { + "doc" : "当使用 k8s 方式集群时,address_type 用来从 Kubernetes 接口的应答里获取什么形式的 Host 列表。\n指定 cluster.k8s.address_typeip,则将从 Kubernetes 接口中获取集群中其他节点\n的 IP 地址。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type", + "text" : "address_type", + "type" : "Enum(ip,dns,hostname)", + "default" : "ip" + }, + { + "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,\n可设置 emqx 节点名的命名空间。与 cluster.k8s.suffix 一起使用用以拼接得到节点名列表。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace", + "text" : "namespace", + "type" : "String", + "default" : "default" + }, + { + "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,可设置 emqx 节点名的后缀。\n与 cluster.k8s.namespace 一起使用用以拼接得到节点名列表。", + "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix", + "text" : "suffix", + "type" : "String", + 
"default" : "\"pod.local\"" + } + ], + "text" : "cluster_k8s" + } + ], + "hash" : "V-cluster-S-cluster-k8s", + "text" : "k8s", + "type" : "Struct(cluster_k8s)" + }, + { + "doc" : "已连接的 EMQX 集群列表。", + "refs" : [ + { + "doc" : "集群连接配置", + "hash" : "T-cluster-S-cluster-links-S-link", + "fields" : [ + { + "doc" : "连接(远程)集群名称。必须与远程集群中配置的 `cluster.name` 值完全相同。不得与本地的 cluster.name 相同。所有配置的集群连接名称必须唯一。", + "hash" : "V-cluster-S-cluster-links-S-link-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "远程 EMQX 消息服务器的 MQTT 主机和端口。", + "hash" : "V-cluster-S-cluster-links-S-link-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "可选的基础 MQTT 客户端 ID,用于连接到远程 EMQX 集群。如果省略,将使用本地的 `cluster.name`。EMQX 在互相连接的集群之间维持多个连接,因此基础客户端 ID 会自动添加不同的后缀。", + "hash" : "V-cluster-S-cluster-links-S-link-clientid", + "text" : "clientid", + "type" : "String" + }, + { + "doc" : "用于连接到远程 EMQX 集群的 MQTT 用户名(可选)。", + "hash" : "V-cluster-S-cluster-links-S-link-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "用于连接到远程 EMQX 集群的密码(可选)。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-cluster-S-cluster-links-S-link-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "用于连接到远程 EMQX 集群的 SSL 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-cluster-S-cluster-links-S-link-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "将由连接的远程 EMQX 消息服务器转发到本地消息服务器的 MQTT 主题。只有当本地 EMQX 有匹配的订阅者时,消息才会被转发。\n支持通配符。将一侧的主题列表设置为空可以建立单向连接:具有空主题的一侧不会接收远程消息,但可以根据连接另一侧配置的主题将相关消息转发给其连接的对端。", + "hash" : "V-cluster-S-cluster-links-S-link-topics", + "text" : "topics", + "type" : "Array(String)" + }, + { + "doc" : "将向连接的 EMQX 消息服务器发布消息的 MQTT 客户端池的大小。", + "hash" : "V-cluster-S-cluster-links-S-link-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "MQTT Message retry interval. Delay for the link to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-cluster-S-cluster-links-S-link-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "MQTT 协议的最大待处理(已发送但未确认)消息数。", + "hash" : "V-cluster-S-cluster-links-S-link-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Deprecated since 5.1.0.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-auto_restart_interval", + "text" : "auto_restart_interval", + "type" : "OneOf(String(\"infinity\"),Duration)" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since v5.0.14.", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-enable_queue", + "text" : "enable_queue", + "type" : "Boolean" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "creation_opts" + } + ], + "hash" : "V-cluster-S-cluster-links-S-link-resource_opts", + "text" : "resource_opts", + "type" : "Struct(creation_opts)", + "default" : "{}" + } + ], + "text" : "link" + } + ], + "hash" : "V-cluster-S-cluster-links", + "text" : "links", + "type" : "Array(Struct(link))", + "default" : "[]" + } + ], + "text" : "cluster" + } + ], + "hash" : "V-cluster", + "text" : "cluster", + "type" : "Struct(cluster)" + }, + { + "doc" : "EMQX 支持两种主要的日志处理进程:file 和 console,另有一个专门设计用于始终将日志定向到文件的 audit 处理进程。\n系统的默认日志处理行为可以通过环境变量 `EMQX_DEFAULT_LOG_HANDLER` 配置,它接受以下设置:\n\n- file:将日志输出仅定向到文件。\n- console:将日志输出仅定向到控制台。\n\n值得注意的是,当通过 systemd 的 emqx.service 文件启动 EMQX 时,EMQX_DEFAULT_LOG_HANDLER 被设置为 file。\n在 systemd 启动之外的场景中,console 作为默认的日志处理进程。", + "refs" : [ + { + "doc" : "EMQX 支持同时多个日志输出,一个控制台输出,和多个文件输出。\n默认情况下,EMQX 运行在容器中,或者在 'console' 或 'foreground' 模式下运行时,会输出到 控制台,否则输出到文件。", + "hash" : "T-log-S-log", + "fields" : [ + { + "refs" : [ + { + "doc" : "日志处理进程将日志事件打印到 EMQX 控制台。", + "hash" : "T-log-S-log-console-S-console_handler", + "fields" : [ + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-console-S-console_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "启用此日志处理进程。", + "hash" : "V-log-S-log-console-S-console_handler-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-console-S-console_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + 
{ + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-console-S-console_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-console-S-console_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-console-S-console_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "console_handler" + } + ], + "hash" : "V-log-S-log-console", + "aliases" : [ + "console_handler" + ], + "text" : "console", + "type" : "Struct(console_handler)" + }, + { + "doc" : "输出到文件的日志处理进程列表", + "refs" : [ + { + "doc" : "日志处理进程将日志事件打印到文件。", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "日志文件路径及名字。", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "轮换的最大日志文件数。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + 
"type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + }, + { + "doc" : "日志处理进程将日志事件打印到文件。", + "hash" : "T-log-S-log-file-S-log_file_handler", + "fields" : [ + { + "doc" : "日志文件路径及名字。", + "hash" : "V-log-S-log-file-S-log_file_handler-path", + "aliases" : [ + "file", + "to" + ], + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/emqx.log\"" + }, + { + "doc" : "轮换的最大日志文件数。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count", + "aliases" : [ + "rotation" + ], + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。", + "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size", + "aliases" : [ + "max_size" + ], + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。", + "hash" : "V-log-S-log-file-S-log_file_handler-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。", + "hash" : "V-log-S-log-file-S-log_file_handler-formatter", + "aliases" : [ + "format" + ], + "text" : "formatter", + "type" : "Enum(text,json)", + "default" : "text" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 
\"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-file-S-log_file_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_file_handler" + } + ], + "hash" : "V-log-S-log-file", + "aliases" : [ + "file_handlers" + ], + "text" : "file", + "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))", + "default" : "{level = warning}" + }, + { + "refs" : [ + { + "doc" : "日志限流功能通过在配置的时间窗口内丢弃除第一个事件外的所有事件,来减少可能泛滥的日志事件数量。\n如果 `console` 或 `file` 日志级别设置为 debug,则自动禁用限流。", + "hash" : "T-log-S-log-throttling-S-log_throttling", + "fields" : [ + { + "doc" : "此配置设置控制限流消息的日志记录行为,包括但不限于像 'authorization_permission_denied' 这样的消息。\n在每个定义的时间窗口内,只有一个限流消息的实例会被记录,以防止日志泛滥。\n在每个时间窗口结束时,将生成一个摘要日志,详细说明该期间内任何限流消息的发生。\n重要的是,此设置的最短有效时间窗口为 1 秒(1s)。\n如果指定的值低于 1s,则会自动调整为 1s。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-log-S-log-throttling-S-log_throttling-time_window", + "text" : "time_window", + "type" : "Duration(s)", + "default" : "\"1m\"" + } + ], + "text" : "log_throttling" + } + ], + "hash" : "V-log-S-log-throttling", + "text" : "throttling", + "type" : "Struct(log_throttling)" + }, + { + "doc" : "审计日志文件处理进程", + "refs" : [ + { + "doc" : "将日志时间输出到文件的审计日志处理进程。", + "hash" : "T-log-S-log-audit-S-log_audit_handler", + "fields" : [ + { + "doc" : "----", + "hash" : "V-log-S-log-audit-S-log_audit_handler-path", + "text" : "path", + "type" : "String", + "default" : "\"${EMQX_LOG_DIR}/audit.log\"" + }, + { + "doc" : "轮换的最大日志文件数。", + "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_count", + "text" : "rotation_count", + "type" : "Integer(1..128)", + "default" : "10" + }, + { + "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。", + "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_size", + "text" : "rotation_size", + "type" : "OneOf(String(\"infinity\"),Bytesize)", + "default" : "\"50MB\"" + }, + { + "doc" : "将最新的 N 条日志条目存储在数据库中,以供 /audit HTTP API 进行日志数据的筛选和检索。\n清除多余的日志记录的间隔保持在 10 到 20 秒之间。", + "hash" : "V-log-S-log-audit-S-log_audit_handler-max_filter_size", + "text" : "max_filter_size", + "type" : "Integer(10..30000)", + "default" : "5000" + }, + { + "doc" : "忽略高频请求以避免淹没审计日志,例如发布/订阅踢出 http API 请求将被忽略。", + "hash" : "V-log-S-log-audit-S-log_audit_handler-ignore_high_frequency_request", + "text" : "ignore_high_frequency_request", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。", + "hash" : 
"V-log-S-log-audit-S-log_audit_handler-timestamp_format", + "text" : "timestamp_format", + "type" : "Enum(auto,epoch,rfc3339)", + "default" : "auto" + }, + { + "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。", + "hash" : "V-log-S-log-audit-S-log_audit_handler-time_offset", + "text" : "time_offset", + "type" : "String", + "default" : "system" + }, + { + "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`", + "hash" : "V-log-S-log-audit-S-log_audit_handler-payload_encode", + "text" : "payload_encode", + "type" : "Enum(hex,text,hidden)", + "default" : "text" + } + ], + "text" : "log_audit_handler" + } + ], + "hash" : "V-log-S-log-audit", + "text" : "audit", + "type" : "Struct(log_audit_handler)", + "default" : "{enable = false, level = info}" + } + ], + "text" : "log" + } + ], + "hash" : "V-log", + "text" : "log", + "type" : "Struct(log)" + }, + { + "refs" : [ + { + "doc" : "EMQX 使用 gen_rpc 库来实现跨节点通信。
\n大多数情况下,默认的配置应该可以工作,但如果你需要做一些性能优化或者实验,可以尝试调整这些参数。", + "hash" : "T-rpc-S-rpc", + "fields" : [ + { + "doc" : "在 sync 模式下,发送端等待接收端的 ack 信号。", + "hash" : "V-rpc-S-rpc-mode", + "text" : "mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "集群间通信使用的传输协议。", + "hash" : "V-rpc-S-rpc-protocol", + "aliases" : [ + "driver" + ], + "text" : "protocol", + "type" : "Enum(tcp,ssl)", + "default" : "tcp" + }, + { + "doc" : "异步模式下,发送的批量消息的最大数量。", + "hash" : "V-rpc-S-rpc-async_batch_size", + "text" : "async_batch_size", + "type" : "Integer", + "default" : "256" + }, + { + "doc" : "manual: 通过 server_port 来发现端口。\n
stateless: 使用无状态的方式来发现端口,使用如下算法。如果节点名称是 \nemqxN@127.0.0.1, N 是一个数字,那么监听端口就是 5370 + N。\n注意:当 port_discovery 设置为 manual 时,server_port 配置将不起作用。", + "hash" : "V-rpc-S-rpc-port_discovery", + "text" : "port_discovery", + "type" : "Enum(manual,stateless)", + "default" : "stateless" + }, + { + "doc" : "RPC 本地服务使用的监听端口。
\n请注意,此配置仅在 rpc.port_discovery 设置为手动时生效。", + "hash" : "V-rpc-S-rpc-server_port", + "aliases" : [ + "tcp_server_port", + "ssl_server_port" + ], + "text" : "server_port", + "type" : "Integer(1..+inf)", + "default" : "5369" + }, + { + "doc" : "设置该节点与每个远程节点之间发起的最大 RPC 通信通道数量。", + "hash" : "V-rpc-S-rpc-client_num", + "aliases" : [ + "tcp_client_num" + ], + "text" : "client_num", + "type" : "Integer(1..256)", + "default" : "10" + }, + { + "doc" : "建立 RPC 连接的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "TLS 证书文件的路径,用于验证集群节点的身份。\n只有当 rpc.driver 设置为 ssl 时,此配置才会生效。", + "hash" : "V-rpc-S-rpc-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "rpc.certfile 的私钥文件的路径。
\n注意:此文件内容是私钥,所以需要设置权限为 600。", + "hash" : "V-rpc-S-rpc-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "验证 rpc.certfile 的 CA 证书文件的路径。
\n注意:集群中所有节点的证书必须使用同一个 CA 签发。", + "hash" : "V-rpc-S-rpc-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "发送 RPC 请求的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "远程节点认证的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-authentication_timeout", + "text" : "authentication_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "同步 RPC 的回复超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-call_receive_timeout", + "text" : "call_receive_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "对应 TCP_KEEPIDLE socket 选项。指定在 TCP 开始发送 keepalive 探测包之前,连接需要保持空闲的时间(以秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-socket_keepalive_idle", + "text" : "socket_keepalive_idle", + "type" : "Duration(s)", + "default" : "\"15m\"" + }, + { + "doc" : "对应 TCP_KEEPINTVL socket 选项。指每次 keepalive 探测之间的时间间隔(以秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-rpc-S-rpc-socket_keepalive_interval", + "text" : "socket_keepalive_interval", + "type" : "Duration(s)", + "default" : "\"75s\"" + }, + { + "doc" : "对应 TCP_KEEPCNT socket 选项。指定在放弃连接并终止连接之前发送的最大 TCP keepalive 探测次数,如果未从另一端收到响应,则终止连接。", + "hash" : "V-rpc-S-rpc-socket_keepalive_count", + "text" : "socket_keepalive_count", + "type" : "Integer", + "default" : "9" + }, + { + "doc" : "TCP 调节参数。TCP 发送缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_sndbuf", + "text" : "socket_sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP 调节参数。TCP 接收缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_recbuf", + "text" : "socket_recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP 调节参数。用户模式套接字缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-rpc-S-rpc-socket_buffer", + "text" : "socket_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "兼容旧的无鉴权模式", + "hash" : "V-rpc-S-rpc-insecure_fallback", + "text" : "insecure_fallback", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-rpc-S-rpc-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-rpc-S-rpc-tls_versions", + "text" : "tls_versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "指示 RPC 服务器监听的 IP 地址。例如,使用 \"0.0.0.0\" 表示 IPv4 或 \"::\" 表示 IPv6。", + "hash" : "V-rpc-S-rpc-listen_address", + "text" : "listen_address", + "type" : "String", + "default" : "\"0.0.0.0\"" + }, + { + "doc" : "此设置仅在 rpc.listen_address 被分配了一个 IPv6 地址时有效。\n如果设置为 true,RPC 客户端将仅使用 IPv6 进行连接。\n否则,即使服务器位于 IPv6 上,客户端也可能选择 IPv4。", + "hash" : "V-rpc-S-rpc-ipv6_only", + "text" : "ipv6_only", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "rpc" + } + ], + "hash" : "V-rpc", + "text" : "rpc", + "type" : "Struct(rpc)" + }, + { + "doc" : "系统主题配置。", + "refs" : [ + { + "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics.", + "hash" : "T-sys_topics-S-sys_topics", + "fields" : [ + { + "doc" : "发送 `$SYS` 主题的间隔时间。", + "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval", + "text" : "sys_msg_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"1m\"" + }, + { + "doc" : "发送心跳系统消息的间隔时间,它包括:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`", + "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval", + "text" : "sys_heartbeat_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"30s\"" + }, + { + "doc" : "客户端事件消息。", + "refs" : [ + { + "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. 
The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n", + "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names", + "fields" : [ + { + "doc" : "是否开启客户端已连接事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected", + "text" : "client_connected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否开启客户端已断开连接事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected", + "text" : "client_disconnected", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否开启客户端已成功订阅主题事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed", + "text" : "client_subscribed", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否开启客户端已成功取消订阅主题事件消息。", + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed", + "text" : "client_unsubscribed", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "event_names" + } + ], + "hash" : "V-sys_topics-S-sys_topics-sys_event_messages", + "text" : "sys_event_messages", + "type" : "Struct(event_names)" + } + ], + "text" : "sys_topics" + } + ], + "hash" : "V-sys_topics", + "text" : "sys_topics", + "type" : "Struct(sys_topics)" + }, + { + "refs" : [ + { + "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.", + "hash" : "T-force_shutdown-S-force_shutdown", + "fields" : [ + { + "doc" : "每个在线客户端在 EMQX 服务器中都是独立的一个进程。该配置可以设为单个进程的邮箱消息队列设置最大长度,当超过该上限时,客户端会被强制下线。", + "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size", + "aliases" : [ + "max_message_queue_len" + ], + "text" : "max_mailbox_size", + 
"type" : "Integer(0..inf)", + "default" : "1000" + }, + { + "doc" : "Heap 的总大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size", + "text" : "max_heap_size", + "type" : "Bytesize", + "default" : "\"32MB\"" + } + ], + "text" : "force_shutdown" + } + ], + "hash" : "V-force_shutdown", + "text" : "force_shutdown", + "type" : "Struct(force_shutdown)" + }, + { + "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。", + "refs" : [ + { + "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。", + "hash" : "T-durable_storage-S-durable_storage", + "fields" : [ + { + "doc" : "与 MQTT 消息的持久存储相关的配置。", + "refs" : [ + { + "doc" : "使用嵌入式 RocksDB 键值存储的内置存储后端。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft", + "fields" : [ + { + "doc" : "后端类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-backend", + "text" : "backend", + "type" : "String(\"builtin_raft\")", + "default" : "builtin_raft" + }, + { + "doc" : "每个分片应有的相同副本数量。\n增加此数字可以提高持久性和可用性,但会消耗更多资源。\n复制工作需要健康的副本仲裁,因此一般情况下选择奇数个副本是一个好选择。\n请注意,这仅在持久存储数据库初始化期间生效。\n在数据库已创建后更改此配置参数不会生效。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-replication_factor", + "text" : "replication_factor", + "type" : "Integer(1..+inf)", + "default" : "3" + }, + { + "doc" : "需要共享存储分片集责任的存储站点数量。\n在此上下文中,站点是启用了消息持久性的 EMQX 节点。\n请注意,这仅在持久存储数据库初始化期间生效。\n在此阶段,至少需要上线这么多站点以在它们之间分配分片,否则消息存储将不可用。\n初始化完成后,站点可能会下线,这将根据下线站点的数量和复制因子影响可用性。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_sites", + "text" : "n_sites", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "数据库所在的文件系统目录。\n\n默认情况下,它等于 node.data_dir。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "内置的持久存储将数据分成多个分片。\n此配置参数定义分片的数量。\n请注意,它仅在持久存储数据库初始化期间生效。\n在数据库已经创建后更改此配置参数将不会产生任何效果。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_shards", + 
"text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "存储布局是一种在磁盘上排列来自各种主题和客户端消息的方法。\n\n根据工作负载类型和主题结构的不同,可以采用不同的数据存储策略,以最大化地提高从持久存储中读取消息的效率。", + "refs" : [ + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : "通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : "String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "一种简单的布局类型,将所有主题的所有消息按时间顺序存储在一个流中。\n\n不推荐用于生产环境。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "参考布局类型", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference-type", + 
"text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_raft" + }, + { + "doc" : "使用嵌入式 RocksDB 键值存储的内置存储后端。\n此后端不支持集群。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local", + "fields" : [ + { + "doc" : "后端类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend", + "text" : "backend", + "type" : "String(\"builtin_local\")", + "default" : "builtin_local" + }, + { + "doc" : "数据库所在的文件系统目录。\n\n默认情况下,它等于 node.data_dir。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir", + "text" : "data_dir", + "type" : "String" + }, + { + "doc" : "内置的持久存储将数据分成多个分片。\n此配置参数定义分片的数量。\n请注意,它仅在持久存储数据库初始化期间生效。\n在数据库已经创建后更改此配置参数将不会产生任何效果。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards", + "text" : "n_shards", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "存储布局是一种在磁盘上排列来自各种主题和客户端消息的方法。\n\n根据工作负载类型和主题结构的不同,可以采用不同的数据存储策略,以最大化地提高从持久存储中读取消息的效率。", + "refs" : [ + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2", + "fields" : [ + { + "doc" : "通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type", + "text" : "type", + "type" : 
"String(\"wildcard_optimized_v2\")", + "default" : "wildcard_optimized_v2" + } + ], + "text" : "layout_builtin_wildcard_optimized_v2" + }, + { + "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized", + "fields" : [ + { + "doc" : "通配符优化布局类型。", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type", + "text" : "type", + "type" : "String(\"wildcard_optimized\")", + "default" : "wildcard_optimized" + } + ], + "text" : "layout_builtin_wildcard_optimized" + }, + { + "doc" : "一种简单的布局类型,将所有主题的所有消息按时间顺序存储在一个流中。\n\n不推荐用于生产环境。", + "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference", + "fields" : [ + { + "doc" : "参考布局类型", + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type", + "text" : "type", + "type" : "String(\"reference\")", + "default" : "reference" + } + ], + "text" : "layout_builtin_reference" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout", + "text" : "layout", + "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))", + "default" : "{type = wildcard_optimized_v2}" + } + ], + "text" : "builtin_local" + } + ], + "hash" : "V-durable_storage-S-durable_storage-messages", + "text" : "messages", + "type" : "OneOf(Struct(builtin_raft),Struct(builtin_local))", + "default" : "{backend = builtin_raft}" + } + ], + "text" : "durable_storage" + } + ], + "hash" : "V-durable_storage", + "text" : "durable_storage", + "type" : 
"Struct(durable_storage)" + }, + { + "refs" : [ + { + "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.", + "hash" : "T-force_gc-S-force_gc", + "fields" : [ + { + "doc" : "在进程收到多少消息之后,对此进程执行垃圾回收。", + "hash" : "V-force_gc-S-force_gc-count", + "text" : "count", + "type" : "Integer(0..inf)", + "default" : "16000" + }, + { + "doc" : "在进程处理过多少个字节之后,对此进程执行垃圾回收。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-force_gc-S-force_gc-bytes", + "text" : "bytes", + "type" : "Bytesize", + "default" : "\"16MB\"" + } + ], + "text" : "force_gc" + } + ], + "hash" : "V-force_gc", + "text" : "force_gc", + "type" : "Struct(force_gc)" + }, + { + "refs" : [ + { + "doc" : "Features related to system monitoring and introspection.", + "hash" : "T-sysmon-S-sysmon", + "fields" : [ + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.", + "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm", + "fields" : [ + { + "doc" : "定期进程限制检查的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval", + "text" : "process_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "在发出相应警报之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark", + "text" : "process_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "在清除相应警报之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark", + "text" : "process_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "当系统检测到某个 Erlang 进程垃圾回收占用过长时间,会触发一条带有 long_gc 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_gc 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc", + "text" : "long_gc", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "启用后,如果 Erlang VM 调度器出现某个任务占用时间过长时,会触发一条带有 'long_schedule' 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_schedule 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule", + "text" : "long_schedule", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"240ms\"" + }, + { + "doc" : "启用后,当一个 Erlang 进程申请了大量内存,系统会触发一条带有 large_heap 关键字的\nwarning 级别日志。同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap", + "text" : "large_heap", + "type" : "OneOf(String(\"disabled\"),Bytesize)", + "default" : "\"32MB\"" + }, + { + "doc" : "启用后,当用于集群接点之间 RPC 的连接过忙时,会触发一条带有 busy_dist_port 关键字的 warning 级别日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port", + "text" : "busy_dist_port", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "当一个系统接口(例如 TCP socket)过忙,会触发一条带有 busy_port 关键字的 warning 
级别的日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_port 的 MQTT 系统消息。", + "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port", + "text" : "busy_port", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "sysmon_vm" + } + ], + "hash" : "V-sysmon-S-sysmon-vm", + "text" : "vm", + "type" : "Struct(sysmon_vm)" + }, + { + "refs" : [ + { + "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.", + "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os", + "fields" : [ + { + "doc" : "定期 CPU 检查的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval", + "text" : "cpu_check_interval", + "type" : "Duration", + "default" : "\"60s\"" + }, + { + "doc" : "在发出相应警报之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark", + "text" : "cpu_high_watermark", + "type" : "String", + "default" : "\"80%\"" + }, + { + "doc" : "在解除相应警报之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark", + "text" : "cpu_low_watermark", + "type" : "String", + "default" : "\"60%\"" + }, + { + "doc" : "定期内存检查的时间间隔。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval", + "text" : "mem_check_interval", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "在发出相应报警之前可以分配多少系统内存的阈值,以系统内存的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark", + "text" : "sysmem_high_watermark", + "type" : "String", + "default" : "\"70%\"" + }, + { + "doc" : "在发出相应警报之前,一个 Erlang 进程可以分配多少系统内存的阈值,以系统内存的百分比表示。", + "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark", + "text" : "procmem_high_watermark", + "type" : "String", + "default" : "\"5%\"" + } + ], + "text" : "sysmon_os" + } + ], + "hash" : "V-sysmon-S-sysmon-os", + "text" : "os", + "type" : "Struct(sysmon_os)" + } + ], + "text" : "sysmon" + } + ], + "hash" : "V-sysmon", + "text" : "sysmon", + "type" : "Struct(sysmon)" + }, + { + "refs" : [ + { + "doc" : "Settings for the alarms.", + "hash" : "T-alarm-S-alarm", + "fields" : [ + { + "doc" : "警报激活时触发的动作。
目前,支持以下操作:logpublish.\nlog 将告警写入日志 (控制台或者文件).\npublish 将告警作为 MQTT 消息发布到系统主题:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate", + "hash" : "V-alarm-S-alarm-actions", + "text" : "actions", + "type" : "Array(Enum(log,publish))", + "default" : "[log, publish]" + }, + { + "doc" : "最多可以存储的历史告警数量。\n\n当达到最大数量时,将删除最旧的历史告警以存储新的历史告警。", + "hash" : "V-alarm-S-alarm-size_limit", + "text" : "size_limit", + "type" : "Integer(1..3000)", + "default" : "1000" + }, + { + "doc" : "历史告警的有效期。从历史告警激活的时间开始计算,而不是取消的时间。\n\n如果告警存在的时间超过了有效期,该告警将被删除。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-alarm-S-alarm-validity_period", + "text" : "validity_period", + "type" : "Duration", + "default" : "\"24h\"" + } + ], + "text" : "alarm" + } + ], + "hash" : "V-alarm", + "text" : "alarm", + "type" : "Struct(alarm)" + }, + { + "refs" : [ + { + "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.", + "hash" : "T-flapping_detect-S-flapping_detect", + "fields" : [ + { + "doc" : "启用抖动检测功能。", + "hash" : "V-flapping_detect-S-flapping_detect-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "抖动检测的时间窗口。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-flapping_detect-S-flapping_detect-window_time", + "text" : "window_time", + "type" : "Duration", + "default" : "\"1m\"" + }, + { + "doc" : "MQTT 客户端在“窗口”时间内允许的最大断开次数", + "hash" : "V-flapping_detect-S-flapping_detect-max_count", + "text" : "max_count", + "type" : "Integer(0..+inf)", + "default" : "15" + }, + { + "doc" : "抖动的客户端将会被禁止登录多长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-flapping_detect-S-flapping_detect-ban_time", + "text" : "ban_time", + "type" : "Duration", + "default" : "\"5m\"" + } + ], + "text" : "flapping_detect" + } + ], + "hash" : "V-flapping_detect", + "text" : "flapping_detect", + "type" : "Struct(flapping_detect)" + }, + { + "refs" : [ + { + "doc" : "Settings related to the durable session feature.", + "hash" : "T-durable_sessions-S-durable_sessions", + "fields" : [ + { + "doc" : "使用持久存储来持久化客户端会话。\n如果启用,会话和相应的消息将被持久存储,并在服务器停机时保留。", + "hash" : "V-durable_sessions-S-durable_sessions-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "此值影响持久会话的流量控制。\n持久会话以批次查询持久消息存储。\n此值指定批次的大小。\n\n注意:较大的批次通常提高系统的吞吐量和整体性能,但会增加每个客户端的 RAM 使用量。", + "hash" : "V-durable_sessions-S-durable_sessions-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Expiry interval for poll requests sent by durable sessions to the storage.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval", + "text" : "idle_poll_interval", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "Durable sessions back up their state on disc every heartbeat interval.\n\nHeartbeat interval is also taken into account during garbage collection of expired sessions.\nIt is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval", + "text" : "heartbeat_interval", + "type" : "Duration", + "default" : "\"5000ms\"" + }, + { + "doc" : "执行持久会话垃圾回收的间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval", + "text" : "session_gc_interval", + "type" : "Duration", + "default" : "\"10m\"" + }, + { + "doc" : "每次迭代要垃圾回收的过期持久会话的批量大小。", + "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size", + "text" : "session_gc_batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Broker keeps messages sent to the durable sessions for this period of time.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period", + "text" : "message_retention_period", + "type" : "Duration", + "default" : "\"1d\"" + } + ], + "text" : "durable_sessions" + } + ], + "hash" : "V-durable_sessions", + "text" : "durable_sessions", + "type" : "Struct(durable_sessions)" + }, + { + "refs" : [ + { + "doc" : "用于连接到外部系统的连接器。", + "hash" : "T-connectors-S-connectors", + "fields" : [ + { + "doc" : "Oracle Connector Config", + "refs" : [ + { + "doc" : "Oracle 客户端的配置。", + "hash" : "T-connectors-S-connectors-oracle-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
主机名具有以下形式:`Host[:Port]`。
如果未指定 `[:Port]`,则使用 Oracle Database 默认端口 1521。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Oracle Database Sid 名称", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-sid", + "text" : "sid", + "type" : "String" + }, + { + "doc" : "Oracle Database 服务名称。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-service_name", + "text" : "service_name", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-oracle", + "text" : "oracle", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Snowflake Connector Config", + "refs" : [ + { + "doc" : "连接到 Snowflake 服务的连接器配置。", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接到 Snowflake 计算服务器的地址。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Snowflake 的账户 ID。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-account", + "text" : "account", + "type" : "String" + }, + { + "doc" : "与已安装的 Snowflake ODBC 驱动程序关联的数据源名称 (DSN)。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-dsn", + "text" : "dsn", + "type" : "String" + }, + { + "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", + "refs" : [ + { + "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config", + 
"fields" : [ + { + "doc" : "用于连接的代理主机地址。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "连接时使用的代理端口。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-port", + "text" : "port", + "type" : "Integer(1..65535)" + } + ], + "text" : "proxy_config" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy", + "text" : "proxy", + "type" : "OneOf(String(\"none\"),Struct(proxy_config))", + "default" : "none" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-snowflake", + "text" : "snowflake", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "RabbitMQ Connector Config", + "refs" : [ + { + "doc" : "RabbitMQ 连接器的配置。", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "您想要连接的 RabbitMQ 服务器地址(例如,localhost)。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "localhost" + }, + { + "doc" : "您想要连接的 RabbitMQ 服务器地址(例如,localhost)。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-port", + "text" : "port", + "type" : "Integer(1..65535)", + "default" : "5672" + }, + { + "doc" : "用于与 RabbitMQ 服务器进行认证的用户名。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "连接池的大小", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "等待连接建立的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-timeout", + "text" : "timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "连接到 RabbitMQ 服务器时使用的虚拟主机。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-virtual_host", + "text" : "virtual_host", + "type" : "String", + "default" : "\"/\"" + }, + { + "doc" : "向 RabbitMQ 服务器发送心跳消息的间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-heartbeat", + "text" : "heartbeat", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "连接器资源选项。", + "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "RocketMQ Connector Config", + "refs" : [ + { + "doc" : "RocketMQ 客户端的配置。", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 RocketMQ 默认端口 9876。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "如果你正在使用阿里云的 RocketMQ 服务并且启用了命名空间,或者您在自己的 RocketMQ 服务器中配置了命名空间,则必须配置命名空间字段。对于阿里云中的 RocketMQ 服务,命名空间就是实例 ID。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-namespace", + "text" : "namespace", + "type" : "String" + }, + { + "doc" : "RocketMQ 服务器的 `accessKey`。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-access_key", + "text" : "access_key", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "RocketMQ 服务器的 `secretKey`。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-secret_key", + "text" : "secret_key", + "type" : "Secret", + "default" : "\"\"" + }, + { + "doc" : "RocketMQ 服务器安全令牌
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-security_token", + "text" : "security_token", + "type" : "Secret", + "default" : "\"\"" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-rocketmq", + "text" : "rocketmq", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Redis Connector Config", + "refs" : [ + { + "doc" : "Redis 动作的配置。", + "hash" : "T-connectors-S-connectors-redis-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "特定于某个 Redis 连接器类型的参数集,`redis_type`可以是`single`,`cluster`或`sentinel`之一。", + "refs" : [ + { + "doc" : "Single 模式下的 Redis 连接器。", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector", + "fields" : [ + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-redis_type", + "text" : "redis_type", + "type" 
: "String(\"single\")", + "default" : "single" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_single_connector" + }, + { + "doc" : "Sentinel 模式下的 Redis 连接器。", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector", + "fields" : [ + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-redis_type", + "text" : "redis_type", + "type" : "String(\"sentinel\")", + "default" : "sentinel" + }, + { + "doc" : "Redis sentinel 模式下的集群名称。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-sentinel", + "text" : "sentinel", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : 
"V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Redis 数据库 ID。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-database", + "text" : "database", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_sentinel_connector" + }, + { + "doc" : "集群模式下的 Redis 连接器。", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector", + "fields" : [ + { + "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-redis_type", + "text" : "redis_type", + "type" : "String(\"cluster\")", + "default" : "cluster" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + } + ], + "text" : "redis_cluster_connector" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(redis_single_connector),Struct(redis_sentinel_connector),Struct(redis_cluster_connector))" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-redis", + "text" : "redis", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Syskeeper Connector Config", + "refs" : [ + { + "doc" : "Syskeeper 转发连接器的配置", + "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Syskeeper 代理服务器的地址", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "指定代理服务器是否应该回复消息转发的确认,可以是:
- need_ack
- no_ack
", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_mode", + "text" : "ack_mode", + "type" : "Enum(need_ack,no_ack)", + "default" : "no_ack" + }, + { + "doc" : "等待代理服务器确认的最大时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_timeout", + "text" : "ack_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "16" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_forwarder", + "text" : "syskeeper_forwarder", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "GCP PubSub Consumer Connector Config", + "refs" : [ + { + "doc" : "GCP PubSub 消费者客户端的配置。", + "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "正整数,设置最大可发送的异步 HTTP 请求数量。当设置为 1 时,表示每次发送完成 HTTP 请求后都需要等待服务器返回,再继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "请求出错时的最大重试次数。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since e5.0.1.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + }, + { + "doc" : "包含将与 PubSub 一起使用的 GCP 服务账户凭证的 JSON。\n当创建 GCP 服务账户时(如 https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount),可以选择下载 JSON 形式的凭证,然后在该配置项中使用。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-service_account_json", + "text" : "service_account_json", + "type" : "String" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer", + "text" : "gcp_pubsub_consumer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MQTT Connector Config", + "refs" : [ + { + "doc" : "MQTT connector 的配置。", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将发布消息到远程代理的 MQTT 客户端池的大小。
\n每个 MQTT 客户端都将分配'clientid',格式为'${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\n其中'n'是池中客户端的编号。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "Deprecated since v5.1.0 & e5.1.0.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode", + "text" : "mode", + "type" : "Enum(cluster_shareload)" + }, + { + "doc" : "远程 MQTT 代理的主机和端口", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "附加到 egress 动作使用的 clientid 前缀(可选)。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix", + "text" : "clientid_prefix", + "type" : "String" + }, + { + "doc" : "Deprecated since v5.0.16.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval", + "text" : "reconnect_interval", + "type" : "String" + }, + { + "doc" : "MQTT协议版本", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver", + "text" : "proto_ver", + "type" : "Enum(v3,v4,v5)", + "default" : "v4" + }, + { + "doc" : "如果启用桥接模式。\n注意:此设置仅适用于 MQTT 协议版本早于5.0的情况,远程 MQTT\n代理必须支持此功能。\n如果将 bridge_mode 设置为true,则桥接将指示远程代理它是一个桥接而不是普通客户端。\n这意味着循环检测将更加有效,并且保留的消息将被正确传递。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode", + "text" : "bridge_mode", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "MQTT 协议的用户名", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "MQTT 协议的密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "在重新连接到入口动作时是否启动新会话", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start", + "text" : "clean_start", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "MQTT Keepalive. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "\"160s\"" + }, + { + "doc" : "Message retry interval. Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:
- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n
or combination of whereof: `1h5m0s`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "String", + "default" : "\"15s\"" + }, + { + "doc" : "MQTT 协议的最大 inflight(已发送但未确认)消息数", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight", + "text" : "max_inflight", + "type" : "Integer(0..+inf)", + "default" : "32" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Couchbase Connector Config", + "refs" : [ + { + "doc" : "用于连接 Couchbase 服务的连接器配置。", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n 主机条目的格式为:`Host[:Port]`。`Host[:Port]`.
\n 如果未指定 `[:Port]`,则使用 Couchbase 默认的查询服务端口 8093。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "连接到 HTTP 服务器时的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "一个正整数,表示是否连续发送 HTTP 请求。当设置为 1 时,表示每次发送 HTTP 请求后,需要等待服务器返回再继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "指定与 Couchbase 服务对接时连接池中可以维持的并发连接数。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "访问 Couchbase 服务的用户名。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "访问 Couchbase 服务的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-couchbase", + "text" : "couchbase", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Microsoft SQL Server Connector Config", + "refs" : [ + { + "doc" : "Microsoft SOL Server 连接器的配置。", + "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector", + "fields" : [ + { + "doc" : "SQL Server Driver 名称", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-driver", + "text" : "driver", + "type" : "String", + "default" : "\"ms-sql\"" + }, + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 SQL Server 默认端口 1433。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "sa" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-sqlserver", + "text" : "sqlserver", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MongoDB Connector Config", + "refs" : [ + { + "doc" : "MongoDB 动作的配置", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "特定于此 MongoDB 连接器类型的一组参数,mongo_type 可以是 single(独立)、sharded(分片)或 rs(副本集)之一。", + "refs" : [ + { + "doc" : "单个 MongoDB 实例的设置", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single", + "fields" : [ + { + "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-mongo_type", + "text" : "mongo_type", + "type" : "String(\"single\")", + "default" : "single" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + } + ], + "text" : "connector_single" + }, + { + "doc" : "分片集群的设置。", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded", + "fields" : [ + { + "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-mongo_type", + "text" : "mongo_type", + "type" : "String(\"sharded\")", + "default" : "sharded" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + } + ], + "text" : "connector_sharded" + }, + { + "doc" : "副本集的设置。", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs", + "fields" : [ + { + "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-mongo_type", + "text" : "mongo_type", + "type" : "String(\"rs\")", + "default" : "rs" + }, + { + "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-servers", + "text" : 
"servers", + "type" : "String" + }, + { + "doc" : "写入模式", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-w_mode", + "text" : "w_mode", + "type" : "Enum(unsafe,safe)", + "default" : "unsafe" + }, + { + "doc" : "读取模式。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-r_mode", + "text" : "r_mode", + "type" : "Enum(master,slave_ok)", + "default" : "master" + }, + { + "doc" : "副本集的名称。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-replica_set_name", + "text" : "replica_set_name", + "type" : "String" + } + ], + "text" : "connector_rs" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(connector_single),Struct(connector_sharded),Struct(connector_rs))" + }, + { + "doc" : "使用 DNS SRV 记录。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-srv_record", + "text" : "srv_record", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-use_legacy_protocol", + "text" : "use_legacy_protocol", + "type" : "Enum(auto,true,false)", + "default" : "auto" + }, + { + "doc" : "与用户认证信息关联的数据库名称。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-auth_source", + "text" : "auth_source", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "MongoDB 的拓扑结构。", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology", + "fields" : [ + { + "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-max_overflow", + "text" : "max_overflow", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_ttl", + "text" : "overflow_ttl", + "type" : "Duration" + }, + { + "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_check_period", + "text" : "overflow_check_period", + "type" : "Duration" + }, + { + "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-local_threshold_ms", + "text" : "local_threshold_ms", + "type" : "Duration" + }, + { + "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-connect_timeout_ms", + "text" : "connect_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-socket_timeout_ms", + "text" : "socket_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-server_selection_timeout_ms", + "text" : "server_selection_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-wait_queue_timeout_ms", + "text" : "wait_queue_timeout_ms", + "type" : "Duration" + }, + { + "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-heartbeat_frequency_ms", + "text" : "heartbeat_frequency_ms", + "type" : "Duration", + "default" : "\"200s\"" + }, + { + "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-min_heartbeat_frequency_ms", + "text" : "min_heartbeat_frequency_ms", + "type" : "Duration" + } + ], + "text" : "topology" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology", + "text" : "topology", + "type" : "Struct(topology)" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mongodb", + "text" : "mongodb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Datalayers Connector Config", + "refs" : [ + { + "doc" : "Datalayers 数据集成的配置", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式为:`Host[:Port]`.
\n如果未指定 `[:Port]`,则使用 Datalayers 的默认端口 8361。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:8361\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer", + "default" : "8" + }, + { + "doc" : "特定于此 Datalayers 连接器类型的参数集。", + "refs" : [ + { + "doc" : "特定于此 Datalayers 连接器类型的参数集。", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters", + "fields" : [ + { + "doc" : "用于与 Datalayers 服务通信的驱动程序。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-driver_type", + "text" : "driver_type", + "type" : "Enum(influxdb_v1)", + "default" : "influxdb_v1" + }, + { + "doc" : "Datalayers 数据库", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "Datalayers 用户名。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "Datalayers 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "datalayers_influxdb_v1_parameters" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(datalayers_influxdb_v1_parameters))" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-datalayers", + "text" : "datalayers", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Azure Blob Storage Connector Config", + "refs" : [ + { + "doc" : "用来连接 Azure Blob Storage 服务的连接器配置。", + "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "Azure Blob Storage 服务的账户名称。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_name", + "text" : "account_name", + "type" : "String" + }, + { + "doc" : "Azure Blob Storage 服务的访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_key", + "text" : "account_key", + "type" : "Secret" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-azure_blob_storage", + "text" : "azure_blob_storage", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Kafka Consumer Connector Config", + "refs" : [ + { + "doc" : "Kafka 消费者客户端的配置。", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "用逗号分隔的 host[:port] 主机列表。默认端口号为 9092。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "刷新 Kafka broker 和 Kafka 主题元数据段最短时间间隔。设置太小可能会增加 Kafka 压力。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "刷新元数据时最大等待时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "认证参数。", + "refs" : [ + { + "doc" : "基于用户名密码的认证。", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "SASL 认证方法名称。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-mechanism", + "text" : "mechanism", + "type" : "Enum(plain,scram_sha_256,scram_sha_512)" + }, + { + "doc" : "SASL 认证的用户名。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "SASL 认证的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + }, + { + "doc" : "使用 GSSAPI/Kerberos 认证。", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos", + "fields" : [ + { + "doc" : "SASL GSSAPI 认证方法的 Kerberos 主体,例如 kafka/node1.example.com@EXAMPLE.COM/code>,注意:这里使用的 realm 需要配置在 EMQX 服务器的 /etc/krb5.conf 中。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal", + "text" : "kerberos_principal", + "type" : "String" + }, + { + "doc" : "SASL GSSAPI 认证方法的 Kerberos keytab 文件。注意:该文件需要上传到 EMQX 服务器中,且运行 EMQX 服务的系统账户需要有读取权限。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file", + "text" : "kerberos_keytab_file", + "type" : "String" + } + ], + "text" : "auth_gssapi_kerberos" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))", + "default" : "none" + }, + { + "doc" : "更多 Socket 参数设置。", + "refs" : [ + { + "doc" : "更多 Socket 参数设置。", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 Kafka 桥接连接启用 TCP keepalive。\n该值是3个由逗号分隔的数字,格式为 'Idle,Interval,Probes'。\n - Idle: 连接在服务器开始发送 keep-alive 探测(Linux 默认 7200)之前需要空闲的秒数。\n - Interval: TCP keep-alive 探测发送间隔的秒数(Linux 默认 75)。\n - Probes: 如果没有从另一端获得响应,在放弃并终止连接之前发送的 TCP keep-alive 探测的最大数量 (Linux 默认 9)。\n例如 \"240,30,5\" 表示: 在连接空闲 240 秒后发送 TCP keepalive 探测 ,并且每 30 秒发送一次探测,直到收到响应,如果连续错过 5 个响应,则应关闭连接。\n默认值: 'none'", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "专用于更精确的连接器健康检查的主题名称。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Kafka 客户端的 TLS/SSL 选项", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "TLS 握手的 Server Name Indication (SNI) 设置。
\n- auto:客户端将使用 \"servicebus.windows.net\" 作为 SNI。
\n- disable:如果您希望阻止客户端发送 SNI。
\n- 其他字符串值将按原样发送。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kafka_consumer", + "text" : "kafka_consumer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Matrix Connector Config", + "refs" : [ + { + "doc" : "PostgreSQL 连接器的配置。", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector", + "fields" : [ + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-matrix", + "text" : "matrix", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "IoTDB Connector Config", + "refs" : [ + { + "doc" : "Apache IoTDB 连接器的配置。", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "IoTDB 连接器使用的驱动程序,可以是:\n- rest\n- thrift", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-driver", + "text" : "driver", + "type" : "Enum(restapi)", + "default" : "restapi" + }, + { + "doc" : "IoTDB REST 服务的 URL。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-base_url", + "text" : "base_url", + "type" : "String" + }, + { + "doc" : "IoTDB 版本。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-iotdb_version", + "text" : "iotdb_version", + "type" : "Enum(v1.3.x,v1.1.x,v1.0.x,v0.13.x)", + "default" : "\"v1.3.x\"" + }, + { + "doc" : "认证配置", + "refs" : [ + { + "doc" : "认证配置", + "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication", + "fields" : [ + { + "doc" : "在 IoTDB REST/Thrift 接口中配置的用户名。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "在 IoTDB/Thrift REST 接口中配置的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "authentication" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(authentication))", + "default" : "auth_basic" + } + ], + "text" : "config_restapi" + }, + { + "doc" : "Apache IoTDB 连接器的配置。", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "IoTDB 连接器使用的驱动程序,可以是:\n- rest\n- thrift", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-driver", + "text" : "driver", + "type" : "Enum(thrift)", + "default" : "restapi" + }, + { + "doc" : "IoTDB Thrift 服务器的地址(主机:端口)。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "IoTDB Thrift 协议的版本。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-protocol_version", + "text" : "protocol_version", + "type" : "Enum(protocol_v1,protocol_v2,protocol_v3)", + "default" : "protocol_v3" + }, + { + "doc" : "IoTDB Thrift 会话的时区。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-zoneId", + "text" : "zoneId", + "type" : "String", + "default" : "\"Asia/Shanghai\"" + }, + { + "doc" : "IoTDB Thrift 连接池的大小。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "连接到 IoTDB Thrift 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "IoTDB Thrift 服务器响应的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-recv_timeout", + "text" : "recv_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "在 IoTDB REST/Thrift 接口中配置的用户名。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "在 IoTDB/Thrift REST 接口中配置的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "Connector resource options", + "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_thrift" + } + ], + "hash" : "V-connectors-S-connectors-iotdb", + "text" : "iotdb", + "type" : "Map($name->OneOf(Struct(config_restapi),Struct(config_thrift)))" + }, + { + "doc" : "Kinesis Connector Config", + "refs" : [ + { + "doc" : "Kinesis 客户端的配置。", + "hash" : "T-connectors-S-connectors-kinesis-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接到 Amazon Kinesis 的访问密钥 ID。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_access_key_id", + "text" : "aws_access_key_id", + "type" : "String" + }, + { + "doc" : "连接到 Amazon Kinesis 的 AWS 秘密访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_secret_access_key", + "text" : "aws_secret_access_key", + "type" : "Secret" + }, + { + "doc" : "Amazon Kinesis 终端节点的 URL。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-endpoint", + "text" : "endpoint", + "type" : "String" + }, + { + "doc" : "发送请求时发生错误的最大重试次数。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "连接池大小", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kinesis", + "text" : "kinesis", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Kafka Producer Connector Config", + "refs" : [ + { + "doc" : "一个 Kafka 生产者客户端的配置项", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "用逗号分隔的 host[:port] 主机列表。默认端口号为 9092。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "刷新 Kafka broker 和 Kafka 主题元数据段最短时间间隔。设置太小可能会增加 Kafka 压力。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "刷新元数据时最大等待时长。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "认证参数。", + "refs" : [ + { + "doc" : "基于用户名密码的认证。", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "SASL 认证方法名称。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-mechanism", + "text" : "mechanism", + "type" : "Enum(plain,scram_sha_256,scram_sha_512)" + }, + { + "doc" : "SASL 认证的用户名。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "SASL 认证的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + }, + { + "doc" : "使用 GSSAPI/Kerberos 认证。", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos", + "fields" : [ + { + "doc" : "SASL GSSAPI 认证方法的 Kerberos 主体,例如 kafka/node1.example.com@EXAMPLE.COM/code>,注意:这里使用的 realm 需要配置在 EMQX 服务器的 /etc/krb5.conf 中。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal", + "text" : "kerberos_principal", + "type" : "String" + }, + { + "doc" : "SASL GSSAPI 认证方法的 Kerberos keytab 文件。注意:该文件需要上传到 EMQX 服务器中,且运行 EMQX 服务的系统账户需要有读取权限。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file", + "text" : "kerberos_keytab_file", + "type" : "String" + } + ], + "text" : "auth_gssapi_kerberos" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))", + "default" : "none" + }, + { + "doc" : "更多 Socket 参数设置。", + "refs" : [ + { + "doc" : "更多 Socket 参数设置。", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 Kafka 桥接连接启用 TCP keepalive。\n该值是3个由逗号分隔的数字,格式为 'Idle,Interval,Probes'。\n - Idle: 连接在服务器开始发送 keep-alive 探测(Linux 默认 7200)之前需要空闲的秒数。\n - Interval: TCP keep-alive 探测发送间隔的秒数(Linux 默认 75)。\n - Probes: 如果没有从另一端获得响应,在放弃并终止连接之前发送的 TCP keep-alive 探测的最大数量 (Linux 默认 9)。\n例如 \"240,30,5\" 表示: 在连接空闲 240 秒后发送 TCP keepalive 探测 ,并且每 30 秒发送一次探测,直到收到响应,如果连续错过 5 个响应,则应关闭连接。\n默认值: 'none'", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "专用于更精确的连接器健康检查的主题名称。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Kafka 客户端的 TLS/SSL 选项", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "TLS 握手的 Server Name Indication (SNI) 设置。
\n- auto:客户端将使用 \"servicebus.windows.net\" 作为 SNI。
\n- disable:如果您希望阻止客户端发送 SNI。
\n- 其他字符串值将按原样发送。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-kafka_producer", + "text" : "kafka_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "GreptimeDB Connector Config", + "refs" : [ + { + "doc" : "GreptimeDB 动作的配置。", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机名[:端口]。
\n如果未指定 [:端口],则使用 GreptimeDB 的默认端口 8086。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:4001\"" + }, + { + "doc" : "GreptimeDB 数据库", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-dbname", + "text" : "dbname", + "type" : "String" + }, + { + "doc" : "GreptimeDB 用户名。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "GreptimeDB 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-greptimedb", + "text" : "greptimedb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "DynamoDB Connector Config", + "refs" : [ + { + "doc" : "DynamoDB 连接器的配置。", + "hash" : "T-connectors-S-connectors-dynamo-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "DynamoDB 的地址。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "AWS Dynamo 的区域", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-region", + "text" : "region", + "type" : "String" + }, + { + "doc" : "DynamoDB 的访问 ID。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_access_key_id", + "text" : "aws_access_key_id", + "type" : "String" + }, + { + "doc" : "DynamoDB 的访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_secret_access_key", + "text" : "aws_secret_access_key", + "type" : "Secret" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-dynamo", + "text" : "dynamo", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Azure Event Hub Connector Config", + "refs" : [ + { + "doc" : "Azure Event Hubs 数据桥接配置项。", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "逗号分隔的 Azure Event Hubs Kafka 命名空间主机名 host[:port] ,用于引导客户端。 默认端口号为 9093。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "TCP 连接建立的最大等待时间(包括如果已启用身份认证则包括身份认证时间)
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "客户端在刷新 Azure Event Hubs Kafka 代理和主题元数据之前必须等待的最小时间间隔。设置太小的值可能会给 Azure Event Hubs 增加额外的负载。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "从 Azure Event Hubs 获取元数据时的最大等待时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "认证配置", + "refs" : [ + { + "doc" : "基于用户名/密码进行认证", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "用于连接 Azure Event Hubs 的连接字符串。应为命名空间共享访问策略的 \"连接字符串-主键\"。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "Struct(auth_username_password)", + "default" : "{}" + }, + { + "doc" : "额外的套接字选项。", + "refs" : [ + { + "doc" : "更多 Socket 参数设置。", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 Kafka 桥接连接启用 TCP keepalive。\n该值是3个由逗号分隔的数字,格式为 'Idle,Interval,Probes'。\n - Idle: 连接在服务器开始发送 keep-alive 探测(Linux 默认 7200)之前需要空闲的秒数。\n - Interval: TCP keep-alive 探测发送间隔的秒数(Linux 默认 75)。\n - Probes: 如果没有从另一端获得响应,在放弃并终止连接之前发送的 TCP keep-alive 探测的最大数量 (Linux 默认 9)。\n例如 \"240,30,5\" 表示: 在连接空闲 240 秒后发送 TCP keepalive 探测 ,并且每 30 秒发送一次探测,直到收到响应,如果连续错过 5 个响应,则应关闭连接。\n默认值: 'none'", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "专用于更精确的连接器健康检查的主题名称。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "用于 Azure Event Hubs 客户端的 TLS/SSL 选项。", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "String(\"true\")", + "default" : "true" + }, + { + "doc" : "TLS 握手的服务器名称指示(SNI)设置。
\n- auto:客户端将使用\"servicebus.windows.net\"作为SNI。
\n- disable:如果您希望阻止客户端发送SNI。
\n- 其他字符串值将按原样发送。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = true}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-azure_event_hub_producer", + "text" : "azure_event_hub_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "HStreamDB Connector Config", + "refs" : [ + { + "doc" : "HStreamDB 连接器的配置", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HStreamDB 服务器 URL。使用 gRPC http 服务器地址。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:6570\"" + }, + { + "doc" : "HStreamDB gRPC 连接超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-grpc_timeout", + "text" : "grpc_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-hstreamdb", + "text" : "hstreamdb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ElasticSearch Connector Config", + "refs" : [ + { + "doc" : "ElasticSearch 动作的配置。", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。\n一个主机条目有如下形式:`主机[:端口]`。\n如果没有指定 `[:端口]`,则使用 Elasticsearch 默认端口 9200。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:9200\"" + }, + { + "doc" : "认证配置", + "refs" : [ + { + "doc" : "Basic Authentication", + "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "IoTDB REST 接口配置的用户名", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "ElasticSearch REST 连接密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication", + "text" : "authentication", + "type" : "OneOf(Struct(auth_basic))" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "Pulsar Connector Config", + "refs" : [ + { + "doc" : "Pulsar 连接器配置。", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "以逗号分隔的 scheme://host[:port] 格式的 Pulsar URL 列表,支持的 scheme 有 pulsar:// (默认)和pulsar+ssl://。默认的端口是 6650。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "认证参数。", + "refs" : [ + { + "doc" : "基本认证的参数。", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic", + "fields" : [ + { + "doc" : "基本认证用户名。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "基本认证密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_basic" + }, + { + "doc" : "令牌认证的参数。", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token", + "fields" : [ + { + "doc" : "JWT 认证令牌。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token-jwt", + "text" : "jwt", + "type" : "Secret" + } + ], + "text" : "auth_token" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication", + "text" : "authentication", + "type" : "OneOf(String(\"none\"),Struct(auth_basic),Struct(auth_token))", + "default" : "none" + }, + { + "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "Pulsar 连接器资源选项。", + "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-pulsar", + "text" : "pulsar", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "GCP PubSub Producer Connector Config", + "refs" : [ + { + "doc" : "GCP PubSub 生产者客户端的具体配置。", + "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "正整数,设置最大可发送的异步 HTTP 请求数量。当设置为 1 时,表示每次发送完成 HTTP 请求后都需要等待服务器返回,再继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "请求出错时的最大重试次数。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since e5.0.1.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + }, + { + "doc" : "包含将与 PubSub 一起使用的 GCP 服务账户凭证的 JSON。\n当创建 GCP 服务账户时(如 https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount),可以选择下载 JSON 形式的凭证,然后在该配置项中使用。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-service_account_json", + "text" : "service_account_json", + "type" : "String" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-gcp_pubsub_producer", + "text" : "gcp_pubsub_producer", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "PostgreSQL Connector Config", + "refs" : [ + { + "doc" : "PostgreSQL 连接器的配置。", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector", + "fields" : [ + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-pgsql", + "text" : "pgsql", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "OpenTSDB Connector Config", + "refs" : [ + { + "doc" : "OpenTSDB 连接器的配置。", + "hash" : "T-connectors-S-connectors-opents-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "服务器的地址。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "是否返回摘要信息。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-summary", + "text" : "summary", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "是否返回详细信息。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-details", + "text" : "details", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : 
"T-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-opents", + "text" : "opents", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Syskeeper Proxy Connector Config", + "refs" : [ + { + "doc" : "Syskeeper 代理连接器的配置", + "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "此 Syskeeper 代理服务器的监听地址", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-listen", + "text" : "listen", + "type" : "String" + }, + { + "doc" : "接受者的数量", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-acceptors", + "text" : "acceptors", + "type" : "Integer(0..+inf)", + "default" : "16" + }, + { + "doc" : "在创建连接时等待握手的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-connectors-S-connectors-syskeeper_proxy", + "text" : "syskeeper_proxy", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "S3 Connector Config", + "refs" : [ + { + "doc" : "配置连接到兼容 S3 API 存储服务的连接器。", + "hash" : "T-connectors-S-connectors-s3-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "S3 桶的访问密钥 ID。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_key_id", + "text" : "access_key_id", + "type" : "String" + }, + { + "doc" : "S3 桶的密钥访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-secret_access_key", + "text" : "secret_access_key", + "type" : "Secret" + }, + { + "doc" : "S3 端点的主机。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "S3 端点的端口。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-port", + "text" : "port", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "S3 客户端使用的 HTTP 传输层选项。", + "refs" : [ + { + "doc" : "Options for the HTTP transport layer used by the S3 client", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options", + "fields" : [ + { + "doc" : "是否探测 IPv6 支持。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ipv6_probe", + "text" : "ipv6_probe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "transport_options" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options", + "text" : "transport_options", + "type" : "Struct(transport_options)" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "s3_connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(s3_connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-s3", + "text" : "s3", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Timescale Connector Config", + "refs" : [ + { + "doc" : "PostgreSQL 连接器的配置。", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector", + "fields" : [ + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-disable_prepared_statements", + "text" : "disable_prepared_statements", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-timescale", + "text" : "timescale", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "TDengine Connector Config", + "refs" : [ + { + "doc" : "TDengine 连接器的配置。", + "hash" : "T-connectors-S-connectors-tdengine-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 TDengine 默认端口 6041。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-tdengine", + "text" : "tdengine", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "HTTP Connector Config", + "refs" : [ + { + "doc" : "HTTP 动作的配置", + "hash" : "T-connectors-S-connectors-http-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-http-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HTTP 动作的 URL。
\n此路径允许使用带有变量的模板,但变量不能用于方案、主机或端口部分。
\n例如, http://localhost:9901/${topic} 是允许的,但\n http://${host}:9901/message http://localhost:${port}/message \n是不允许的。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval", + "text" : "retry_interval", + "type" : "Duration" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "Deprecated since 5.3.2.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-request", + "text" : "request", + "type" : "Map" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-http", + "text" : "http", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "MySQL Connector Config", + "refs" : [ + { + "doc" : "MySQL 动作的配置", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-username", + "text" : "username", + "type" : "String", + "default" : "root" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-mysql", + "text" : "mysql", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Cassandra Connector Config", + "refs" : [ + { + "doc" : "Cassandra 桥接配置", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port][,Host2:Port]`。
\n如果未指定 `[:Port]`,则使用 Cassandra 默认端口 9042。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-servers", + "text" : "servers", + "type" : "String" + }, + { + "doc" : "要连接到的 Keyspace 名称。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-keyspace", + "text" : "keyspace", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-cassandra", + "text" : "cassandra", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "ClickHouse Connector Config", + "refs" : [ + { + "doc" : "Clickhouse 桥接配置", + "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "你想连接到的 Clickhouse 服务器的 HTTP URL(例如 http://myhostname:8123)。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "数据库名字。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "Deprecated since v5.0.15.", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-auto_reconnect", + "text" : "auto_reconnect", + "type" : "Boolean" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-clickhouse", + "text" : "clickhouse", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "InfluxDB Connector Config", + "refs" : [ + { + "doc" : "InfluxDB 桥接配置。", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 InfluxDB 默认端口 8086。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-server", + "text" : "server", + "type" : "String", + "default" : "\"127.0.0.1:8086\"" + }, + { + "doc" : "Size of the connection pool towards the bridge target service.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-pool_size", + "text" : "pool_size", + "type" : "Integer", + "default" : "8" + }, + { + "doc" : "给定版本的 InfluxDB 连接器的参数集,`influxdb_type` 可以是 `influxdb_api_v1` 或 `influxdb_api_v2`。", + "refs" : [ + { + "doc" : "InfluxDB HTTP API 协议。支持 Influxdb v1.8 以及之前的版本。", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1", + "fields" : [ + { + "doc" : "InfluxDB HTTP API 协议。支持 Influxdb v1.8 以及之前的版本。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-influxdb_type", + "text" : "influxdb_type", + "type" : "String(\"influxdb_api_v1\")", + "default" : "influxdb_api_v1" + }, + { + "doc" : "InfluxDB 数据库。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "InfluxDB 用户名。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "InfluxDB 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "connector_influxdb_api_v1" + }, + { + "doc" : "InfluxDB HTTP API V2 协议。支持 Influxdb v2.0 以及之后的版本。", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2", + "fields" : [ + { + "doc" : "InfluxDB HTTP API V2 协议。支持 Influxdb v2.0 以及之后的版本。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-influxdb_type", + "text" : "influxdb_type", + "type" : "String(\"influxdb_api_v2\")", + "default" : "influxdb_api_v2" + }, + { + "doc" : "InfluxDB bucket 名称。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "InfluxDB 组织名称。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-org", + "text" : "org", + "type" : "String" + }, + { + "doc" : "InfluxDB 令牌。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-token", + "text" : "token", + "type" : "Secret" + } + ], + "text" : "connector_influxdb_api_v2" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(connector_influxdb_api_v1),Struct(connector_influxdb_api_v2))" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-influxdb", + "text" : "influxdb", + "type" : "Map($name->Struct(config_connector))" + }, + { + "doc" : "Confluent Connector Config", + "refs" : [ + { + "doc" : "Confluent 动作的配置", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector", + "fields" : [ + { + "doc" : "连接器的标签", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "逗号分隔的 Confluent Kafka 命名空间主机名 host[:port] ,用于引导客户端。 默认端口号为 9092。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-bootstrap_hosts", + "text" : "bootstrap_hosts", + "type" : "String" + }, + { + "doc" : "TCP 连接建立的最大等待时间(包括启用认证时的认证时间)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "客户端刷新 Confluent Kafka 代理和主题元数据的最短时间间隔。设置过小的值可能会给 Confluent 增加额外的负载。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-min_metadata_refresh_interval", + "text" : "min_metadata_refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "从 Confluent 获取元数据的最大等待时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-metadata_request_timeout", + "text" : "metadata_request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "认证配置", + "refs" : [ + { + "doc" : "基于用户名/密码的认证。", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password", + "fields" : [ + { + "doc" : "Confluent 键。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "auth_username_password" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication", + "text" : "authentication", + "type" : "Struct(auth_username_password)", + "default" : "{}" + }, + { + "doc" : "额外的套接字选项。", + "refs" : [ + { + "doc" : "更多 Socket 参数设置。", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts", + "fields" : [ + { + "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 Kafka 桥接连接启用 TCP keepalive。\n该值是3个由逗号分隔的数字,格式为 'Idle,Interval,Probes'。\n - Idle: 连接在服务器开始发送 keep-alive 探测(Linux 默认 7200)之前需要空闲的秒数。\n - Interval: TCP keep-alive 探测发送间隔的秒数(Linux 默认 75)。\n - Probes: 如果没有从另一端获得响应,在放弃并终止连接之前发送的 TCP keep-alive 探测的最大数量 (Linux 默认 9)。\n例如 \"240,30,5\" 表示: 在连接空闲 240 秒后发送 TCP keepalive 探测 ,并且每 30 秒发送一次探测,直到收到响应,如果连续错过 5 个响应,则应关闭连接。\n默认值: 'none'", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive", + "text" : "tcp_keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "socket_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts", + "text" : "socket_opts", + "type" : "Struct(socket_opts)" + }, + { + "doc" : "专用于更精确的连接器健康检查的主题名称。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-health_check_topic", + "text" : "health_check_topic", + "type" : "String" + }, + { + "refs" : [ + { + "doc" : "Confluent 客户端的 TLS/SSL 选项。", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "TLS 握手的服务器名称指示(SNI)设置。
\n- auto:客户端将使用\"servicebus.windows.net\"作为 SNI。
\n- disable:如果您不希望客户端发送 SNI。
\n- 其他字符串值将按原样发送。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)", + "default" : "auto" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = true}" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "connector_resource_opts" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts", + "text" : "resource_opts", + "type" : "Struct(connector_resource_opts)", + "default" : "{}" + } + ], + "text" : "config_connector" + } + ], + "hash" : "V-connectors-S-connectors-confluent_producer", + "text" : "confluent_producer", + "type" : "Map($name->Struct(config_connector))" + } + ], + "text" : "connectors" + } + ], + "hash" : "V-connectors", + "text" : "connectors", + "type" : "Struct(connectors)" + }, + { + "refs" : [ + { + "doc" : "数据桥接的配置信息", + "hash" : "T-actions-S-actions", + "fields" : [ + { + "doc" : "Oracle Action Config", + "refs" : [ + { + "doc" : "Oracle 动作的配置。", + "hash" : "T-actions-S-actions-oracle-S-oracle_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模板。模板字符串可以包含消息元数据和有效载荷字段的占位符。占位符的插入不需要任何检查和特殊格式化,因此必须确保插入的数值格式化和转义正确。模板字符串可以包含占位符模板字符串可以包含消息元数据和有效载荷字段的占位符。这些占位符被插入所以必须确保插入的值的格式正确。因此,确保插入的值格式化和转义正确是非常重要的。模板字符串可以包含占位符模板字符串可以包含消息元数据和有效载荷字段的占位符。这些占位符被插入所以必须确保插入的值的格式正确。确保插入的值被正确地格式化和转义。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "oracle_action" + } + ], + "hash" : "V-actions-S-actions-oracle", + "text" : "oracle", + "type" : "Map($name->Struct(oracle_action))" + }, + { + "doc" : "Snowflake Action Config", + "refs" : [ + { + "doc" : "将接收的事件上传到 Snowflake 的动作。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "一组动作参数", + "refs" : [ + { + "doc" : "在聚合模式下执行动作的一组参数。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters", + "fields" : [ + { + "doc" : "启用基于时间的事件聚合,并将其作为一个对象上传到 Snowflake。每个集群节点独立进行此聚合。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "控制聚合过程的一组参数。", + "refs" : [ + { + "doc" : "控制聚合过程的一组参数。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation", + "fields" : [ + { + "doc" : "设置包含聚合事件的上传文件格式的配置。", + "refs" : [ + { + "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv", + "fields" : [ + { + "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。", + "hash" : 
"V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "事件字段将在生成的 CSV 文件中按此顺序排列为列。
\n无论此设置如何,生成的 CSV 都将包含所有聚合事件的字段,但所有未在此明确提及的列将在此处列出的列之后按字典顺序排列。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "container_csv" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container", + "text" : "container", + "type" : "OneOf(Struct(container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "每个节点在上传之前,将事件聚合到单个文件中的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "每个聚合文件允许的最大记录数(事件数)。 每次聚合上传将包含不超过该数量的事件,但可能会少于该数量。
\n 如果事件速率较高,在同一时间间隔内可能会进行多次聚合上传。这些上传将具有不同但连续的序列号,且该序列号将作为 Snowflake 阶段文件名的一部分。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "1000000" + } + ], + "text" : "aggregation" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(aggregation)" + }, + { + "doc" : "为管道用户配置的私钥。支持以下输入格式:\n- 明文密钥:直接以字符串形式输入 PEM 格式的私钥内容。\n- 文件路径:指定包含私钥的文件路径。确保路径以 file:// 开头。文件路径必须在集群的所有节点上相同。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key", + "text" : "private_key", + "type" : "Secret" + }, + { + "doc" : "包含 Snowflake 资源的数据库名称。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "包含 Snowflake 资源的模式名称。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-schema", + "text" : "schema", + "type" : "String" + }, + { + "doc" : "用于将数据文件加载到 Snowflake 的 Stage 名称。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-stage", + "text" : "stage", + "type" : "String" + }, + { + "doc" : "用于将数据导入表的管道名称。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe", + "text" : "pipe", + "type" : "String" + }, + { + "doc" : "具有使用 Pipe 权限的角色的用户名。最低要求的权限是 operate 和 monitor。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe_user", + "text" : "pipe_user", + "type" : "String" + }, + { + "doc" : "连接到 HTTP 服务器时的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "一个正整数。表示是否连续发送 HTTP 请求。设置为 1 时,表示每次发送 HTTP 请求后,需等待服务器返回再发送下一个请求.", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipelining", + "text" : "pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "连接池大小", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "发送 HTTP 请求时出现错误的最大重试次数。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", + "refs" : [ + { + "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config", + "fields" : [ + { + "doc" : "用于连接的代理主机地址。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "连接时使用的代理端口。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-port", + "text" : "port", + "type" : "Integer(1..65535)" + } + ], + "text" : "proxy_config" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy", + "text" : "proxy", + "type" : "OneOf(String(\"none\"),Struct(proxy_config))", + "default" : "none" + } + ], + "text" : "aggreg_parameters" + } + ], + "hash" : 
"V-actions-S-actions-snowflake-S-snowflake-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(aggreg_parameters))" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "snowflake" + } + ], + "hash" : "V-actions-S-actions-snowflake", + "text" : "snowflake", + "type" : "Map($name->Struct(snowflake))" + }, + { + "doc" : "RabbitMQ Action Config", + "refs" : [ + { + "doc" : "动作的配置", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作配置定义了此动作输出如何将消息发送到远程 RabbitMQ 代理。", + "refs" : [ + { + "doc" : "动作配置定义了此动作输出如何将消息发送到远程 RabbitMQ 代理。", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "一个布尔值,指示在使用发布者确认时是否等待 RabbitMQ 确认消息发布。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-wait_for_publish_confirmations", + "text" : "wait_for_publish_confirmations", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "等待连接建立的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-publish_confirmation_timeout", + "text" : "publish_confirmation_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "消息将被发送到的 RabbitMQ 交换机的名称。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-exchange", + "text" : "exchange", + "type" : "String" + }, + { + "doc" : "用于将消息路由到 RabbitMQ 交换机中正确队列的路由键。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-routing_key", + "text" : "routing_key", + "type" : "String" + }, + { + "doc" : "发布到 RabbitMQ 的消息的传递模式。非持久化传递模式(1)适用于不需要在 RabbitMQ 重启后保持的消息,而持久化传递模式(2)用于必须在 RabbitMQ 重启后仍然存在的消息。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-delivery_mode", + "text" : "delivery_mode", + "type" : "Enum(non_persistent,persistent)", + "default" : "non_persistent" + }, + { + "doc" : "在发送消息到 RabbitMQ 之前格式化消息 payload 的模板。例如 ${field1.sub_field} 的模板占位符将被相应字段的值替换。如果留空,整个输入消息将被用作 payload,格式化为 JSON 文本。这种行为等同于将 ${.} 指定为 payload 模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "publisher_action" + } + ], + "hash" : "V-actions-S-actions-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(publisher_action))" + }, + { + "doc" : "RocketMQ Action Config", + "refs" : [ + { + "doc" : "RocketMQ 动作的配置。", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "模板, 默认为空,为空时将会将整个消息转发给 RocketMQ。
\n 模板可以是任意带有占位符的合法字符串, 例如:
${id}, ${username}, ${clientid}, ${timestamp}
\n {\"id\" : ${id}, \"username\" : ${username}}
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "生产者键派发策略,默认为 `roundrobin`,也支持占位符,如:`clientid`、`messageid`、`username`。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-strategy", + "text" : "strategy", + "type" : "OneOf(String(\"roundrobin\"),String)", + "default" : "roundrobin" + }, + { + "doc" : "RocketMQ 主题
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String", + "default" : "TopicTest" + }, + { + "doc" : "RocketMQ 驱动同步调用的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-sync_timeout", + "text" : "sync_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "RocketMQ 主题路由更新间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "RocketMQ 驱动的套字节发送消息的缓冲区大小
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-send_buffer", + "text" : "send_buffer", + "type" : "Bytesize", + "default" : "\"1024KB\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "rocketmq_action" + } + ], + "hash" : "V-actions-S-actions-rocketmq", + "text" : "rocketmq", + "type" : "Map($name->Struct(rocketmq_action))" + }, + { + "doc" : "Redis Action Config", + "refs" : [ + { + "doc" : "与 Redis 连接器交互的动作。", + "hash" : "T-actions-S-actions-redis-S-redis_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-redis-S-redis_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的参数。", + "refs" : [ + { + "doc" : "动作的参数。", + "hash" : "T-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "用于导出消息的 Redis 命令模板。每个列表元素代表一个命令名称或其参数。\n例如,要将有效负载推送到 Redis 列表中的键 msgs,元素应该如下所示:\nrpush,msgs,${payload}。", + "hash" : "V-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters-command_template", + "text" : "command_template", + "type" : "Array(String)" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-redis-S-redis_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-redis-S-redis_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-redis-S-redis_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + 
"hash" : "V-actions-S-actions-redis-S-redis_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "这个参数定义了批处理计数的上限。\n将这个值设置为1将有效地禁用批处理,因为它表示每个批处理将只处理一个项目。\n关于 Redis 集群模式的注意事项:\n在 Redis 集群模式的情况下不支持批处理。\n因此,batch_size 总是设置为1,\n反映了该模式对于批处理操作固有的限制。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在低消息速率下积累批处理时的最大等待间隔,以实现更高效的资源使用。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "redis_action" + } + ], + "hash" : "V-actions-S-actions-redis", + "text" : "redis", + "type" : "Map($name->Struct(redis_action))" + }, + { + "doc" : "Syskeeper Forwarder Action Config", + "refs" : [ + { + "doc" : "Syskeeper 动作的配置", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Syskeeper 动作的参数", + "refs" : [ + { + "doc" : "Syskeeper 动作的参数", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters", + "fields" : [ + { + "doc" : "被转发消息的主题
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_topic", + "text" : "target_topic", + "type" : "String", + "default" : "\"${topic}\"" + }, + { + "doc" : "被转发消息的服务质量 (QoS),-1 表示与原始主题相同", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_qos", + "text" : "target_qos", + "type" : "Integer(0..2)" + }, + { + "doc" : "模版
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"${payload}\"" + } + ], + "text" : "parameters" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters", + "text" : "parameters", + "type" : "Struct(parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "是否在创建资源后立即启动资源。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_after_created", + "text" : "start_after_created", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_timeout", + "text" : "start_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Deprecated since 5.1.0.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-auto_restart_interval", + "text" : "auto_restart_interval", + "type" : "OneOf(String(\"infinity\"),Duration)" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "infinity" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "Deprecated since v5.0.14.", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-enable_queue", + "text" : "enable_queue", + "type" : "Boolean" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "creation_opts" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(creation_opts)", + "default" : "{}" + } + ], + "text" : "config" + } + ], + "hash" : "V-actions-S-actions-syskeeper_forwarder", + "text" : "syskeeper_forwarder", + "type" : "Map($name->Struct(config))" + }, + { + "doc" : "MQTT Publisher Action Config", + "refs" : [ + { + "doc" : "发布动作的配置。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的具体配置。", + "refs" : [ + { + "doc" : "动作的具体配置。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "要转发到远程代理的主题。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "要发送的 MQTT 消息的 QoS 级别。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos", + "text" : "qos", + "type" : "OneOf(Integer(0..2),String)", + "default" : "1" + }, + { + "doc" : "要发送的 MQTT 消息的'retain'标志。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain", + "text" : "retain", + "type" : "OneOf(Boolean,String)", + "default" : "false" + }, + { + "doc" : "要发送的 MQTT 消息的有效载荷。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload", + "text" : "payload", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_publisher_action" + } + ], + "hash" : "V-actions-S-actions-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_publisher_action))" + }, + { + "doc" : "Couchbase Action Config", + "refs" : [ + { + "doc" : "将传入事件上传到 Couchbase 服务的动作。", + "hash" : "T-actions-S-actions-couchbase-S-couchbase", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的参数集。", + "refs" : [ + { + "doc" : "动作的参数集。", + "hash" : "T-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters", + "fields" : [ + { + "doc" : "SQL 模版。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-sql", + "text" : "sql", + "type" : "String" + }, + { + "doc" : "发送请求时发生错误的最大重试次数。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "3" + } + ], + "text" : "parameters" + } + ], + "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters", + "text" : "parameters", + "type" : "Struct(parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "couchbase" + } + ], + "hash" : "V-actions-S-actions-couchbase", + "text" : "couchbase", + "type" : "Map($name->Struct(couchbase))" + }, + { + "doc" : "Microsoft SOL Server 动作的配置。", + "refs" : [ + { + "doc" : "Microsoft SOL Server 动作的配置。", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )\"" + }, + { + "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "sqlserver_action" + } + ], + "hash" : "V-actions-S-actions-sqlserver", + "text" : "sqlserver", + "type" : "Map($name->Struct(sqlserver_action))" + }, + { + "doc" : "MongoDB Action Config", + "refs" : [ + { + "doc" : "与 MongoDB 连接器交互的动作", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于此动作类型的附加参数", + "refs" : [ + { + "doc" : "特定于此动作类型的附加参数", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "数据将存储在其中的集合
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-collection", + "text" : "collection", + "type" : "String", + "default" : "mqtt" + }, + { + "doc" : "用于格式化发送消息的模板。如果未定义,规则引擎将使用 JSON 格式序列化所有可见输入,例如 clientid、主题、有效载荷等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mongodb_action" + } + ], + "hash" : "V-actions-S-actions-mongodb", + "text" : "mongodb", + "type" : "Map($name->Struct(mongodb_action))" + }, + { + "doc" : "Datalayers Action Config", + "refs" : [ + { + "doc" : "用于与 Datalayers 连接器交互的动作。", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于此动作类型的额外参数。", + "refs" : [ + { + "doc" : "特定于此动作类型的额外参数。", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "用于写入数据点的 InfluxDB 行协议配置。这是一种基于文本的格式,提供数据点的测量、标签集、字段集和时间戳,并支持占位符。\n详见 [InfluxDB 1.8 行协议](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\n简短说明:
\n```\n[,=[,=]] =[,=] []\n```\n请注意,整数值的占位符必须带有后缀 `i`。 例如 `${payload.int_value}i`。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "Datalayers 时间精度。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "datalayers_action" + } + ], + "hash" : "V-actions-S-actions-datalayers", + "text" : "datalayers", + "type" : "Map($name->Struct(datalayers_action))" + }, + { + "doc" : "Azure Blob Storage Action Config", + "refs" : [ + { + "doc" : "将传入事件上传到 Azure Blob Storage 服务的动作。", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "一系列动作单数。", + "refs" : [ + { + "doc" : "配置了聚合上传模式的动作参数集。", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters", + "fields" : [ + { + "doc" : "启用基于时间的事件聚合,并将其作为单个对象上传到 Azure Blob Storage 服务。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "控制聚合上传过程的参数集。", + "refs" : [ + { + "doc" : "控制聚合上传过程的参数集。", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation", + "fields" : [ + { + "doc" : "设置包含聚合事件的上传文件格式的配置。", + "refs" : [ + { + "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。", + "hash" : 
"T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv", + "fields" : [ + { + "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "事件字段将在生成的 CSV 文件中按此顺序排列为列。
\n无论此设置如何,生成的 CSV 都将包含所有聚合事件的字段,但所有未在此明确提及的列将在此处列出的列之后按字典顺序排列。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "container_csv" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container", + "text" : "container", + "type" : "OneOf(Struct(container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "在上传之前,将事件聚合为单个对象的时间长度。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "每个聚合对象允许的记录(事件)数量。每次聚合上传包含的事件不会超过该数量,但可以少于该数量。
\n 如果事件速率足够高,则在同一时间间隔内可能会有多个聚合上传。这些上传将具有不同但连续的序列号,它们将成为 Azure Blob Storage blob 名称的一部分。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "1000000" + } + ], + "text" : "aggregation" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(aggregation)" + }, + { + "doc" : "Azure Blob Storage 容器名称。不支持使用模版。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-container", + "text" : "container", + "type" : "String" + }, + { + "doc" : "用于聚合上传的 Azure Blob Storage blob 名称模板。
\n 模板可以包含以下变量的占位符:\n
    \n
  • ${action}: 动作名称(必需)。
  • \n
  • ${node}: 执行上传的 EMQX 节点名称(必需)。
  • \n
  • ${datetime.{format}}: 聚合上传开始的日期和时间,格式根据 {format} 字符串制定(必需):\n
      \n
    • ${datetime.rfc3339utc}: RFC3339 格式的 UTC 日期和时间,
    • \n
    • ${datetime.rfc3339}: RFC3339 格式的本地时区日期和时间,
    • \n
    • ${datetime.unix}: Unix 时间戳。
    • \n
    \n
  • \n
  • ${datetime_until.{format}}:聚合上传结束的日期和时间,包含相同的格式选项。
  • \n
  • ${sequence}:同一时间间隔内聚合上传的序列号(必需)。
  • \n
\n 所有其他占位符都被视为无效。注意,如果模板中缺少标记为必需的占位符,它们将作为路径后缀添加到 Azure Blob Storage blob 名称中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-blob", + "text" : "blob", + "type" : "String" + } + ], + "text" : "aggreg_parameters" + }, + { + "doc" : "直接上传模式的动作参数集。动作支持 Azure Blob Storage 容器名称、blob 名称和 blob 内容的模板。", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters", + "fields" : [ + { + "doc" : "启用将事件作为单独对象上传到 Azure Blob Storage 服务。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-mode", + "text" : "mode", + "type" : "String(\"direct\")" + }, + { + "doc" : "Azure Blob Storage 容器名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-container", + "text" : "container", + "type" : "String" + }, + { + "doc" : "Azure Blob Storage blob 名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-blob", + "text" : "blob", + "type" : "String" + }, + { + "doc" : "要上传的 Azure Blob Storage blob 的内容。支持使用模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-content", + "text" : "content", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "direct_parameters" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(aggreg_parameters),Struct(direct_parameters))" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "azure_blob_storage" + } + ], + "hash" : "V-actions-S-actions-azure_blob_storage", + "text" : "azure_blob_storage", + "type" : "Map($name->Struct(azure_blob_storage))" + }, + { + "doc" : "Matrix Action Config", + "refs" : [ + { + "doc" : "PostgreSQL 动作的配置", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "refs" : [ + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-matrix", + "text" : "matrix", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "IoTDB Action Config", + "refs" : [ + { + "doc" : "IoTDB 数据桥接配置", + "hash" : "T-actions-S-actions-iotdb-S-action_config", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "IoTDB 动作参数", + "refs" : [ + { + "doc" : "IoTDB 动作参数", + "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "是否对齐时间序列。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-is_aligned", + "text" : "is_aligned", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "IoTDB 的设备 ID(DeviceID)。可以使用一个占位符。如果留空则 MQTT 消息体中必须有一个 `device_id` 字段,\n或者 EMQX 规则引擎的 SQL 必须输出一个 `device_id` 字段。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-device_id", + "text" : "device_id", + "type" : "String" + }, + { + "doc" : "IoTDB 动作参数数据", + "refs" : [ + { + "doc" : "IoTDB 动作参数数据", + "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data", + "fields" : [ + { + "doc" : "时间戳。支持格式为 ${var} 的占位符,最终值可以是:\n\n- now: 使用载荷中包含的 `now_ms` 作为时间戳\n- now_ms: 同上\n- now_us: 使用载荷中包含的 `now_us` 作为时间戳\n- now_ns: 使用载荷中包含的 `now_ns` 作为时间戳\n- 其他: 直接使用值作为时间戳。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp", + "text" : "timestamp", + "type" : "OneOf(Enum(now,now_ms,now_ns,now_us),String)", + "default" : "now" + }, + { + "doc" : "也称 Measurement,支持使用 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-measurement", + "text" : "measurement", + "type" : "String" + }, + { + "doc" : "数据类型,可以是枚举或字符串。\n支持格式为 ${var} 的字符串占位符,最终值可以是:\n\n- TEXT\n- BOOLEAN\n- INT32\n- INT64\n- FLOAT\n- DOUBLE", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-data_type", + "text" : "data_type", + "type" : "OneOf(Enum(text,boolean,int32,int64,float,double),String)" + }, + { + "doc" : "值。支持格式为 ${var} 的占位符
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value", + "text" : "value", + "type" : "String" + } + ], + "text" : "action_parameters_data" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data", + "text" : "data", + "type" : "Array(Struct(action_parameters_data))", + "default" : "[]" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-iotdb-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "Action Resource Options", + "hash" : "T-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-iotdb", + "text" : "iotdb", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "Kinesis Action Config", + "refs" : [ + { + "doc" : "Kinesis 动作的配置。", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "用于格式化传出消息的模板。如果未定义,将以 JSON 格式发送所有可用的上下文。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"${.}\"" + }, + { + "doc" : "消息将要被发布到的 Amazon Kinesis 流。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-stream_name", + "text" : "stream_name", + "type" : "String" + }, + { + "doc" : "与发布消息关联的 Amazon Kinesis 分区键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-partition_key", + "text" : "partition_key", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..500)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "kinesis_action" + } + ], + "hash" : "V-actions-S-actions-kinesis", + "text" : "kinesis", + "type" : "Map($name->Struct(kinesis_action))" + }, + { + "doc" : "Kafka Producer Action Config", + "refs" : [ + { + "doc" : "Kafka 生产者动作", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action", + "fields" : [ + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "MQTT 主题数据源由桥接指定,或留空由规则动作指定。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Kafka 生产者参数。", + "refs" : [ + { + "doc" : "Kafka 生产者参数。", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "Kafka 主题名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "用于生成 Kafka 消息的模版。", + "refs" : [ + { + "doc" : "用于生成 Kafka 消息的模版。", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "生成 Kafka 消息 Key 的模版。如果模版生成后为空值,则会使用 Kafka 的 NULL ,而非空字符串。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "生成 Kafka 消息 Value 的模版。如果模版生成后为空值,则会使用 Kafka 的 NULL,而非空字符串。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + }, + { + "doc" : "生成 Kafka 消息时间戳的模版。该时间必需是一个整型数值(可以是字符串格式)例如 1661326462115'1661326462115'。当所需的输入字段不存在,或不是一个整型时,则会使用当前系统时间。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-timestamp", + "text" : "timestamp", + "type" : "String", + "default" : "\"${.timestamp}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "最大消息批量字节数。大多数 Kafka 环境的默认最低值是 1 MB,EMQX 的默认值比 1 MB 更小是因为需要补偿 Kafka 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "压缩方法。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,gzip)", + "default" : "no_compression" + }, + { + "doc" : "设置消息发布时应该如何选择 Kafka 分区。\n\nrandom: 为每个消息随机选择一个分区。\nkey_dispatch: Hash Kafka message key to a partition number", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "设置 Kafka leader 在返回给 EMQX 确认之前需要等待多少个 follower 的确认。\n\nall_isr: 需要所有的在线复制者都确认。\nleader_only: 仅需要分区 leader 确认。\nnone: 无需 Kafka 回复任何确认。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only,none)", + "default" : "all_isr" + }, + { + "doc" : "请提供要用作 Kafka 头部的占位符
\n例如:${pub_props}
\n请注意,占位符的值必须是对象形式的:{\"foo\": \"bar\"}\n或者是键值对的数组形式:[{\"key\": \"foo\", \"value\": \"bar\"}]
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。", + "refs" : [ + { + "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "Kafka 头部值编码模式
\n - None: 仅将二进制值添加到 Kafka 头部;
\n - JSON: 仅将 JSON 值添加到 Kafka 头部,并在发送前对其进行 JSON 字符串编码。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "配置 Kafka 刷新分区数量的时间间隔。\nEMQX 发现 Kafka 分区数量增加后,会开始按 partition_strategy 配置,把消息发送到新的分区中。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "限制为给定主题生产数据的分区数量。\n特殊值 all_partitions 用于利用该主题的所有分区。\n将此设置为大于分区总数的值将不会产生任何效果。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "设置 Kafka 生产者(每个分区一个)在收到 Kafka 的确认前最多发送多少个请求(批量)。调大这个值通常可以增加吞吐量,但是,当该值设置大于 1 时存在消息乱序的风险。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。", + "refs" : [ + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "当缓存模式是 diskhybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "缓存模式是 memoryhybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。内存压力值由配置项 sysmon.os.sysmem_high_watermark 决定。注意,该配置仅在 Linux 系统中有效。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "查询模式。可选 'sync/async',默认 'async'。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "该参数定义同步查询的超时限制。仅当桥接查询模式配置为'sync'时才适用。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + } + ], + "text" : "kafka_producer_action" + } + ], + "hash" : "V-actions-S-actions-kafka_producer", + "text" : "kafka_producer", + "type" : "Map($name->Struct(kafka_producer_action))" + }, + { + "doc" : "GreptimeDB Action Config", + "refs" : [ + { + "doc" : "与一个 GreptimeDB 连接器交互的动作。", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对这个动作类型的更多参数。", + "refs" : [ + { + "doc" : "针对这个动作类型的更多参数。", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "GreptimeDB gRPC 协议写入数据点的配置。写入语法是一种文本格式,提供了数据点的测量、标签集、字段集和时间戳,并支持占位符,与 InfluxDB 行协议相同。\n参见 [InfluxDB 2.3 行协议](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) 和\n[GreptimeDB 1.8 行协议](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\n简而言之:
\n```\n[,=[,=]] =[,=] []\n```\n请注意,整数值的占位符必须用后缀 `i` 注释。例如 `${payload.int_value}i`。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "GreptimeDB 的时间精度。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "greptimedb_action" + } + ], + "hash" : "V-actions-S-actions-greptimedb", + "text" : "greptimedb", + "type" : "Map($name->Struct(greptimedb_action))" + }, + { + "doc" : "DynamoDB Action Config", + "refs" : [ + { + "doc" : "DynamoDB 动作的配置。", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "模板, 默认为空,为空时将会将整个消息存入数据库
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-template", + "text" : "template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "DynamoDB 哈希键", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-hash_key", + "text" : "hash_key", + "type" : "String" + }, + { + "doc" : "DynamoDB 范围健", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-range_key", + "text" : "range_key", + "type" : "String" + }, + { + "doc" : "DynamoDB 的表。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-table", + "text" : "table", + "type" : "String" + }, + { + "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 
egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "dynamo_action" + } + ], + "hash" : "V-actions-S-actions-dynamo", + "text" : "dynamo", + "type" : "Map($name->Struct(dynamo_action))" + }, + { + "doc" : "Azure Event Hub Actions Config", + "refs" : [ + { + "doc" : "一个动作的配置项", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions", + "fields" : [ + { + "doc" : "将 MQTT 主题或主题过滤器作为数据源(动作输入)。如果使用规则动作作为数据源,则应将此配置保留为空,否则消息将在 Azure Event Hubs 中重复。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Azure Event Hubs 生产者配置", + "refs" : [ + { + "doc" : "Azure Event Hubs 生产者配置", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "Event Hubs 的名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "呈现 Azure Event Hubs 消息的模版。", + "refs" : [ + { + "doc" : "呈现 Azure Event Hubs 消息的模版。", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "用于呈现 Azure Event Hubs 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Azure Event Hubs 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "用于呈现 Azure Event Hubs 消息值的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Azure Event Hubs 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "在 Azure Event Hubs 消息批次中收集的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "分区策略是用来指导生产者如何将消息分配到Azure Event Hubs的各个分区。\n\nrandom: 为每条消息随机选择一个分区。\nkey_dispatch: 根据 Azure Event Hubs 消息键的哈希值将消息分配到分区,确保拥有相同键的消息能够一致地被分配到特定分区。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "Azure Event Hubs 分区领导者的确认标准。它确定了在向 EMQX Azure Event Hubs 生产者回送确认前,需要从追随者分区获得的确认等级。\n\nall_isr:要求所有同步副本进行确认。\nleader_only:仅要求分区领导者的确认。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only)", + "default" : "all_isr" + }, + { + "doc" : "为Azure Event Hubs头部提供一个占位符。例如:${pub_props}
\n注意,占位符的值必须是一个对象:\n{\"foo\": \"bar\"}\n或者是一组键值对:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "请提供更多的 Azure Event Hubs 标头键值对
这里的键值对将与kafka_headers字段的值合并,然后发送到 Azure Event Hubs。", + "refs" : [ + { + "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "Azure Event Hubs 头部值的编码模式。
\n - None: 仅将二进制值添加到 Azure Event Hubs 头部;
\n - JSON: 仅将 JSON 值添加到 Azure Event Hubs 头部,并在发送前将其编码为 JSON 字符串。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "Azure Event Hubs 生产者发现分区数量增加的时间间隔。\n在 Azure Event Hubs 中增加分区数量后,EMQX 将开始根据partition_strategy\n在分发消息时考虑新发现的分区。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "限制为给定主题产生数据的分区数量。\n特殊值 all_partitions 用于利用主题的所有分区。\n设置的值大于分区总数时无效。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "Azure Event Hubs 生产者在接收到 Azure Event Hubs 的确认之前,每个分区允许发送的批次的最大数量。较高的值通常意味着更好的吞吐量。然而,当这个值大于1时,可能会有消息重新排序的风险。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "配置生产者消息缓冲区。\n\n告诉 Azure Event Hubs 生产者,在 EMQX 需要发送的消息多于 Azure Event Hubs 能够处理的消息时,或者 Azure Event Hubs 宕机时,如何缓冲消息。", + "refs" : [ + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "当缓存模式是 diskhybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "缓存模式是 memoryhybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。内存压力值由配置项 sysmon.os.sysmem_high_watermark 决定。注意,该配置仅在 Linux 系统中有效。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "查询模式。可选'sync/async',默认为'async'。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "此参数定义同步查询的超时限制。仅当桥接查询模式配置为 'sync' 时适用。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions-S-actions-azure_event_hub_producer", + "text" : "azure_event_hub_producer", + "type" : "Map($name->Struct(actions))" + }, + { + "doc" : "HStreamDB Action Config", + "refs" : [ + { + "doc" : "HStreamDB 动作的配置。", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "HStreamDB 流名称", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-stream", + "text" : "stream", + "type" : 
"String" + }, + { + "doc" : "HStreamDB 分区键。支持占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-partition_key", + "text" : "partition_key", + "type" : "String" + }, + { + "doc" : "将 gRPC 调用刷新到 HStreamDB 服务器的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-grpc_flush_timeout", + "text" : "grpc_flush_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "要转发到 HStreamDB 的 HStream 记录模板。支持占位符。
\n注意:当您使用'原始记录'模板(这意味着数据不是有效的 JSON)时,您应该在 HStream 中使用 'read' 或 'subscription' 来获取数据。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-record_template", + "text" : "record_template", + "type" : "String", + "default" : "\"${payload}\"" + }, + { + "doc" : "Record 聚合池的大小。更大的聚合池可以提升并行处理能力,但可能会因为批处理变小而导致效率降低。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-aggregation_pool_size", + "text" : "aggregation_pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "刷新队列中未确认批次的最大数量。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-max_batches", + "text" : "max_batches", + "type" : "Integer(1..+inf)", + "default" : "500" + }, + { + "doc" : "写入池大小。更大的池规模可能增加并行化和并发写入操作,可能提升吞吐量。但需权衡内存消耗和资源竞争。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-writer_pool_size", + "text" : "writer_pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "单个请求中可以发送的最大插入数据子句数量。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "两次连续(批处理)请求之间允许的最大间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_interval", + "text" : "batch_interval", + "type" : "Duration", + "default" : "\"500ms\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "hstreamdb_action" + } + ], + "hash" : "V-actions-S-actions-hstreamdb", + "text" : "hstreamdb", + "type" : "Map($name->Struct(hstreamdb_action))" + }, + { + "doc" : "Elasticsearch 动作", + "refs" : [ + { + "doc" : "ElasticSearch 动作配置项", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config", + "fields" : [ + { + "doc" : "ElasticSearch 动作参数", + "refs" : [ + { + "doc" : "将一个 JSON 文件添加到指定的索引中,并使其可搜索。\n如果目标是一个索引并且文件已经存在,\n请求会更新该文件并增加其版本。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create", + "fields" : [ + { + "doc" : "create", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action", + "text" : "action", + "type" : "String(\"create\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果为 true, 则请求的操作必须针对一个索引别名。默认为 false。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "如果指定 _id 的文档已经存在(冲突),将设置为 false,操作将失败。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite", + "text" : "overwrite", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_create" + }, + { + "doc" : "从指定的索引中删除一个 JSON 文件。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete", + "fields" : [ + { + "doc" : "delete", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action", + "text" : "action", + "type" : "String(\"delete\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_delete" + }, + { + "doc" : "使用指定的文件更新一个文件。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update", + "fields" : [ + { + "doc" : "update", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action", + "text" : "action", + "type" : "String(\"update\")" + }, + { + "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index", + "text" : "index", + "type" : "String" + }, + { + "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id", + "text" : "id", + "type" : "String" + }, + { + "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc", + "text" : "doc", + "type" : "String" + }, + { + "doc" : "你可以将 doc_as_upsert 设置为 true,使用 doc 的内容作为 upsert 值,而不是发送一个不完整的文件加上一个 upsert 文件。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert", + "text" : "doc_as_upsert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing", + "text" : "routing", + "type" : "String" + }, + { + "doc" : "如果为 true, 则请求的操作必须针对一个索引别名。默认为 false。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias", + "text" : "require_alias", + "type" : "Boolean" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + } + ], + "text" : "action_update" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源选项。", + "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-elasticsearch", + "text" : "elasticsearch", + "type" : "Map($action_name->Struct(action_config))" + }, + { + "doc" : "Pulsar Action Config", + "refs" : [ + { + "doc" : "发布消息到 Pulsar 主题。", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "渲染 Pulsar 消息的模版。", + "refs" : [ + { + "doc" : "渲染 Pulsar 消息的模版。", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message", + "fields" : [ + { + "doc" : "渲染 Pulsar 消息键的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "渲染 Pulsar 消息值的模版。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "producer_pulsar_message" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message", + "text" : "message", + "type" : "Struct(producer_pulsar_message)" + }, + { + "doc" : "同步发布时等待从 Pulsar 接收回执的最大等待时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-sync_timeout", + "text" : "sync_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "Pulsar 主题名称", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-pulsar_topic", + "text" : "pulsar_topic", + "type" : "String" + }, + { + "doc" : "在一个 Pulsar 消息中批处理的单个请求的最大数量。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "压缩方法。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,zlib)", + "default" : "no_compression" + }, + { + "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-send_buffer", + "text" : "send_buffer", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "当没有连接到 Pulsar 代理时,信息将被缓冲的时间。 较长的时间意味着将使用更多的内存/磁盘", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-retention_period", + "text" : "retention_period", + "type" : "OneOf(String(\"infinity\"),Duration)", + "default" : "infinity" + }, + { + "doc" : "最大消息批量字节数。大多数 Pulsar 环境的默认最低值是 5 MB,EMQX 的默认值比 5 MB 更小是因为需要补偿 Pulsar 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"900KB\"" + }, + { + "doc" : "设置消息发布时应该如何选择 Pulsar 分区。\n\nrandom: 为每个消息随机选择一个分区。\nroundrobin: 依次为每条信息挑选可用的生产商。\nkey_dispatch: 将一批信息中的第一条信息的 Pulsar 信息密钥哈希到一个分区编号。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-strategy", + "text" : "strategy", + "type" : "Enum(random,roundrobin,key_dispatch)", + "default" : "random" + }, + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Pulsar 处理能力,或者当 Pulsar 临时下线时,EMQX 内部会将消息缓存起来。", + "refs" : [ + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Pulsar 处理能力,或者当 Pulsar 临时下线时,EMQX 内部会将消息缓存起来。", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "为每个 Pulsar 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "当缓存模式是 diskhybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"100MB\"" + }, + { + "doc" : "缓存模式是 memoryhybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。内存压力值由配置项 sysmon.os.sysmem_high_watermark 决定。注意,该配置仅在 Linux 系统中有效。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "Deprecated since 5.8.1.", + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "publisher_action" + } + ], + "hash" : "V-actions-S-actions-pulsar", + "text" : "pulsar", + "type" : "Map($name->Struct(publisher_action))" + }, + { + "doc" : "GCP PubSub Producer Action Config", + "refs" : [ + { + "doc" : "动作的配置", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的配置", + "refs" : [ + { + "doc" : "动作的具体配置。", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "格式化出站消息属性的模板。未定义的值将被呈现为空字符串值。属性映射中的空键将被移除。", + "refs" : [ + { + "doc" : "键值对", + "hash" : 
"T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair", + "fields" : [ + { + "doc" : "键
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "值
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-value", + "text" : "value", + "type" : "String" + } + ], + "text" : "key_value_pair" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template", + "text" : "attributes_template", + "type" : "Array(Struct(key_value_pair))", + "default" : "[]" + }, + { + "doc" : "格式化出站消息排序键的模板。未定义的值将被呈现为空字符串值。如果此值为空,则不会将其添加到消息中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-ordering_key_template", + "text" : "ordering_key_template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "用于格式化外发信息的模板。 如果未定义,将以 JSON 格式发送所有可用的上下文。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-payload_template", + "text" : "payload_template", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "要发布消息的 GCP PubSub 主题。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-pubsub_topic", + "text" : "pubsub_topic", + "type" : "String" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "producer_action" + } + ], + "hash" : "V-actions-S-actions-gcp_pubsub_producer", + "text" : "gcp_pubsub_producer", + "type" : "Map($name->Struct(producer_action))" + }, + { + "doc" : "PostgreSQL Action Config", + "refs" : [ + { + "doc" : "PostgreSQL 动作的配置", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "refs" : [ + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-pgsql", + "text" : "pgsql", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "OpenTSDB Action Config", + "refs" : [ + { + "doc" : "OpenTSDB 桥接配置", + "hash" : "T-actions-S-actions-opents-S-action_config", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-opents-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "OpenTSDB 动作参数。", + "refs" : [ + { + "doc" : "OpenTSDB 动作参数。", + "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "OpenTSDB 动作参数数据。", + "refs" : [ + { + "doc" : "OpenTSDB 动作参数数据。", + "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data", + "fields" : [ + { + "doc" : "秒级或毫秒级时间戳,支持 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp", + "text" : "timestamp", + "type" : "String" + }, + { + "doc" : "度量的名称,应为时间序列数据的唯一标识符,支持 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-metric", + "text" : "metric", + "type" : "String" + }, + { + "doc" : "标签。仅支持使用占位符从变量或标签映射中提取标签。", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-tags", + "text" : "tags", + "type" : "OneOf(Map,String)" + }, + { + "doc" : "数据点的值,支持 ${var} 格式的占位符。它代表实际的测量或观察值。", + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value", + "text" : "value", + "type" : "OneOf(Integer,Float,String)" + } + ], + "text" : "action_parameters_data" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data", + "text" : "data", + "type" : "Array(Struct(action_parameters_data))", + "default" : "[]" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-opents-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-opents-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-opents-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : 
"Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-opents", + "text" : "opents", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "S3 Upload Action Config", + "refs" : [ + { + "doc" : "将传入事件上传到 S3 API 兼容服务的操作。", + "hash" : "T-actions-S-actions-s3-S-s3", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-s3-S-s3-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "将传入事件上传到 S3 API 兼容服务的操作。", + "refs" : [ + { + "doc" : "聚合上传操作的参数集。", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters", + "fields" : [ + { + "doc" : "启用基于时间的传入事件聚合,并将它们作为一个单独的对象上传到 S3 服务。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-mode", + "text" : "mode", + "type" : "String(\"aggregated\")" + }, + { + "doc" : "规定包含聚合事件的上传文件格式的设置。", + "refs" : [ + { + "doc" : "记录(事件)将被聚合并上传为 CSV 文件。", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv", + "fields" : [ + { + "doc" : "记录(事件)将被聚合并上传为 CSV 文件。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv-type", + "text" : "type", + "type" : "String(\"csv\")" + }, + { + "doc" : "在此指定的事件字段将首先作为列出现在生成的 CSV 文件中。
\nCSV 文件将包含聚合事件的所有字段;然而,未在此设置中明确提到的列将按字典顺序跟在指定的列之后。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-s3_aggregated_container_csv-column_order", + "text" : "column_order", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "s3_aggregated_container_csv" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container", + "text" : "container", + "type" : "OneOf(Struct(s3_aggregated_container_csv))", + "default" : "{type = csv}" + }, + { + "doc" : "管理聚合过程的参数集。", + "refs" : [ + { + "doc" : "管理聚合过程的参数集。", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation", + "fields" : [ + { + "doc" : "上传前,事件将在单个对象中聚合的时间长度。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-time_interval", + "text" : "time_interval", + "type" : "Duration(s)", + "default" : "\"30m\"" + }, + { + "doc" : "每个聚合对象可以包含的最大记录(事件)数量。虽然每次上传不会超过这个限制,但可能包含较少的事件。如果事件发生率很高,在同一时间间隔内可能会有多次聚合上传,这些上传将具有不同但连续的序列号,这些序列号将成为 S3 对象键的一部分。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-max_records", + "text" : "max_records", + "type" : "Integer(1..+inf)", + "default" : "\"100000\"" + } + ], + "text" : "s3_aggregation" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation", + "text" : "aggregation", + "type" : "Struct(s3_aggregation)" + }, + { + "doc" : "S3 桶的名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "聚合上传的 S3 对象键模板。
\n此模板可以包含以下变量的占位符:\n
    \n
  • ${action}: 操作的名称(必须)。
  • \n
  • ${node}: 执行上传的 EMQX 节点的名称(必需)。
  • \n
  • ${datetime.{format}}: 聚合开始的日期和时间,按照 {format} 字符串格式化(必需),包括:\n
      \n
    • ${datetime.rfc3339utc}: 使用 RFC3339 格式化的 UTC 日期和时间。
    • \n
    • ${datetime.rfc3339}: 使用 RFC3339 格式化的本地时区日期和时间。
    • \n
    • ${datetime.unix}: Unix 时间戳。
    • \n
    \n
  • \n
  • ${datetime_until.{format}}: 聚合结束的日期和时间,使用相同的格式化选项。
  • \n
  • ${sequence}: 同一时间间隔内聚合上传的序列号(必需)。
  • \n
\n所有其他占位符均被视为无效。请注意,标记为必需的占位符如果在模板中缺失,将作为路径后缀添加到 S3 对象键中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "上传对象使用的 ACL。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + }, + { + "doc" : "包含在 S3 对象上传请求中的 HTTP 请求头,用于指定 S3 对象的内容类型、内容编码以及其他属性。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "多部分上传的最小部分大小。
\n上传的数据将在内存中累积,直到达到此大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-min_part_size", + "text" : "min_part_size", + "type" : "Bytesize", + "default" : "\"5mb\"" + }, + { + "doc" : "多部分上传的最大部分大小。
\nS3 上传器不会尝试上传超过此大小的部分。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-max_part_size", + "text" : "max_part_size", + "type" : "Bytesize", + "default" : "\"5gb\"" + } + ], + "text" : "s3_aggregated_upload_parameters" + }, + { + "doc" : "上传操作的一组参数。操作支持在 S3 存储桶名称、对象键和对象内容中使用模板。", + "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters", + "fields" : [ + { + "doc" : "S3 桶的名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "S3 对象的键。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-key", + "text" : "key", + "type" : "String" + }, + { + "doc" : "上传对象使用的 ACL。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + }, + { + "doc" : "包含在 S3 对象上传请求中的 HTTP 请求头,用于指定 S3 对象的内容类型、内容编码以及其他属性。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "启用将事件作为单独的对象上传到 S3 服务。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-mode", + "text" : "mode", + "type" : "String(\"direct\")", + "default" : "direct" + }, + { + "doc" : "S3 对象的内容。支持模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-content", + "text" : "content", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "s3_direct_upload_parameters" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-parameters", + "text" : "parameters", + "type" : "OneOf(Struct(s3_aggregated_upload_parameters),Struct(s3_direct_upload_parameters))" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-s3-S-s3-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-s3-S-s3-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-s3-S-s3-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"10ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "s3_upload_resource_opts" + } + ], + "hash" : "V-actions-S-actions-s3-S-s3-resource_opts", + "text" : "resource_opts", + "type" : "Struct(s3_upload_resource_opts)", + "default" : "{}" + } + ], + "text" : "s3" + } + ], + "hash" : "V-actions-S-actions-s3", + "text" : "s3", + "type" : "Map($name->Struct(s3))" + }, + { + "doc" : "Timescale Action Config", + "refs" : [ + { + "doc" : "PostgreSQL 动作的配置", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "refs" : [ + { + "doc" : "特定于 PostgreSQL 动作的参数配置", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "pgsql_action" + } + ], + "hash" : "V-actions-S-actions-timescale", + "text" : "timescale", + "type" : "Map($name->Struct(pgsql_action))" + }, + { + "doc" : "TDengine Action Config", + "refs" : [ + { + "doc" : "TDengine 桥接配置", + "hash" : "T-actions-S-actions-tdengine-S-action_config", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "TDengine 动作的参数。", + "refs" : [ + { + "doc" : "TDengine 动作的参数。", + "hash" : "T-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "数据库名字。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-database", + "text" : "database", + "type" : "String" + }, + { + "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})\"" + }, + { + "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-tdengine-S-action_config-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "action_config" + } + ], + "hash" : "V-actions-S-actions-tdengine", + "text" : "tdengine", + "type" : "Map($name->Struct(action_config))" + }, + { + "doc" : "HTTP Action Config", + "refs" : [ + { + "doc" : "HTTP 动作的配置", + "hash" : "T-actions-S-actions-http-S-http_action", + "fields" : [ + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-http-S-http_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-http-S-http_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-http-S-http_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "HTTP 动作的参数", + "refs" : [ + { + "doc" : "HTTP 动作的参数", + "hash" : "T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts", + "fields" : [ + { + "doc" : "此动作的 URL 路径。
\n此路径将附加到连接器的 url 配置,以形成完整的 URL 地址。\n此选项允许使用带有变量的模板。例如,/room/{$room_no}
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path", + "text" : "path", + "type" : "String" + }, + { + "doc" : "HTTP 请求的方法。所有可用的方法包括:post、put、get、delete。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method", + "text" : "method", + "type" : "Enum(post,put,get,delete)", + "default" : "post" + }, + { + "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers", + "text" : "headers", + "type" : "Map", + "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}" + }, + { + "doc" : "HTTP 请求的主体。
\n如果未提供,主体将是所有可用字段的 JSON 对象。
\n这里的“所有可用字段”是指在触发此 Webhook 时的 MQTT 消息的上下文(当 local_topic 已设置并接收到 MQTT 消息时触发),
或者当此 Webhook 用作规则的动作时,在触发此 Webhook 时的事件上下文。
允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body", + "text" : "body", + "type" : "String" + }, + { + "doc" : "如果发送请求时出错,最大的重试次数。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)", + "default" : "2" + }, + { + "doc" : "Deprecated since v5.0.26.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "parameters_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-parameters", + "text" : "parameters", + "type" : "Struct(parameters_opts)" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-http-S-http_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "http_action" + } + ], + "hash" : "V-actions-S-actions-http", + "aliases" : [ + "webhook" + ], + "text" : "http", + "type" : "Map($name->Struct(http_action))" + }, + { + "doc" : "与 MySQL 连接器交互的动作", + "refs" : [ + { + "doc" : "与 MySQL 连接器交互的动作", + "hash" : "T-actions-S-actions-mysql-S-mysql_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "特定于此动作类型的附加参数", + "refs" : [ + { + "doc" : "特定于此动作类型的附加参数", + "hash" : "T-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "SQL 模版
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\"" + }, + { + "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "mysql_action" + } + ], + "hash" : "V-actions-S-actions-mysql", + "text" : "mysql", + "type" : "Map($name->Struct(mysql_action))" + }, + { + "doc" : "Cassandra Action Config", + "refs" : [ + { + "doc" : "动作配置。", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "动作的具体配置", + "refs" : [ + { + "doc" : "动作的具体配置", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "CQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters-cql", + "text" : "cql", + "type" : "String", + "default" : "\"insert into mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, ${timestamp})\"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "cassandra_action" + } + ], + "hash" : "V-actions-S-actions-cassandra", + "text" : "cassandra", + "type" : "Map($name->Struct(cassandra_action))" + }, + { + "doc" : "ClickHouse Action Config", + "refs" : [ + { + "doc" : "动作配置。", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "针对动作的详细配置。", + "refs" : [ + { + "doc" : "针对动作的详细配置。", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "可以使用 ${field} 占位符来引用消息与客户端上下文中的变量,请确保对应字段存在且数据格式符合预期。此处不支持 [SQL 预处理](https://docs.emqx.com/zh/enterprise/v5.0/data-integration/data-bridges.html#sql-预处理)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-sql", + "text" : "sql", + "type" : "String", + "default" : "\"INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})\"" + }, + { + "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-undefined_vars_as_null", + "text" : "undefined_vars_as_null", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "默认为逗号 ',',适用于 VALUE 格式。您也可以使用其他分隔符, 请参考 [INSERT INTO 语句](https://clickhouse.com/docs/en/sql-reference/statements/insert-into)。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-batch_value_separator", + "text" : "batch_value_separator", + "type" : "String", + "default" : "\", \"" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" 
: "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "clickhouse_action" + } + ], + "hash" : "V-actions-S-actions-clickhouse", + "text" : "clickhouse", + "type" : "Map($name->Struct(clickhouse_action))" + }, + { + "doc" : "InfluxDB Action Config", + "refs" : [ + { + "doc" : "与 InfluxDB 连接器交互的动作", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action", + "fields" : [ + { + "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "此动作类型特定的额外参数", + "refs" : [ + { + "doc" : "此动作类型特定的额外参数", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters", + "fields" : [ + { + "doc" : "使用 InfluxDB API Line Protocol 写入 InfluxDB 的数据,支持占位符
\n参考 [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) 及\n[InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n\n```\n[,=[,=]] =[,=] []\n```\n注意,整形数值占位符后需要添加一个字符 `i` 类型标识。例如 `${payload.int_value}i`
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-write_syntax", + "text" : "write_syntax", + "type" : "String" + }, + { + "doc" : "InfluxDB 时间精度。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-precision", + "text" : "precision", + "type" : "Enum(ns,us,ms,s)", + "default" : "ms" + } + ], + "text" : "action_parameters" + } + ], + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters", + "text" : "parameters", + "type" : "Struct(action_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts", + "fields" : [ + { + "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-worker_pool_size", + "text" : "worker_pool_size", + "type" : "Integer(1..1024)", + "default" : "16" + }, + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(sync,async)", + "default" : "async" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + }, + { + "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-inflight_window", + "aliases" : [ + "async_inflight_window" + ], + "text" : "inflight_window", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "最大批量请求大小。如果设为 1,则无批处理。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_size", + "text" : "batch_size", + "type" : "Integer(1..+inf)", + "default" : "1" + }, + { + "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_time", + "text" : "batch_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes", + "aliases" : [ + "max_queue_bytes" + ], + "text" : "max_buffer_bytes", + "type" : "Bytesize", + "default" : "\"256MB\"" + } + ], + "text" : "action_resource_opts" + } + ], + "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts", + "text" : "resource_opts", + "type" : "Struct(action_resource_opts)", + "default" : "{}" + } + ], + "text" : "influxdb_action" + } + ], + "hash" : "V-actions-S-actions-influxdb", + "text" : "influxdb", + "type" : "Map($name->Struct(influxdb_action))" + }, + { + "doc" : "Confluent Actions Config", + "refs" : [ + { + "doc" : "动作的配置。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions", + "fields" : [ + { + "doc" : "将 MQTT 主题或主题过滤器作为数据源(动作输入)。如果使用规则动作作为数据源,则应将此配置保留为空,否则消息将在 Confluent 中重复。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-local_topic", + "text" : "local_topic", + "type" : "String" + }, + { + "doc" : "Confluent 生产者配置。", + "refs" : [ + { + "doc" : "Confluent 生产者配置。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts", + "fields" : [ + { + "doc" : "事件中心名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "呈现 Confluent 消息的模版。", + "refs" : [ + { + "doc" : "呈现 Confluent 消息的模版。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message", + "fields" : [ + { + "doc" : "用于呈现 Confluent 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Confluent 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key", + "text" : "key", + "type" : "String", + "default" : "\"${.clientid}\"" + }, + { + "doc" : "用于呈现 Confluent 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Confluent 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value", + "text" : "value", + "type" : "String", + "default" : "\"${.}\"" + } + ], + "text" : "kafka_message" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message", + "text" : "message", + "type" : "Struct(kafka_message)" + }, + { + "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time", + "text" : "max_linger_time", + "type" : "Duration", + "default" : "\"0ms\"" + }, + { + "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes", + "text" : "max_linger_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "最大 Confluent 消息批量字节数。大多数 Kafka 环境的默认最低值是 1 MB,EMQX 的默认值比 1 MB 更小是因为需要补偿 Kafka 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "压缩方法。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-compression", + "text" : "compression", + "type" : "Enum(no_compression,snappy,gzip)", + "default" : "no_compression" + }, + { + "doc" : "分区策略是用来指导生产者如何将消息分配到 Confluent 的各个分区。\n\nrandom: 为每条消息随机选择一个分区。\nkey_dispatch: 根据 Confluent 消息键的哈希值将消息分配到分区,确保拥有相同键的消息能够一致地被分配到特定分区。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy", + "text" : "partition_strategy", + "type" : "Enum(random,key_dispatch)", + "default" : "random" + }, + { + "doc" : "Confluent 分区领导者的确认标准。它确定了在向 EMQX Confluent 生产者回送确认前,需要从追随者分区获得的确认等级。\n\nall_isr:要求所有同步副本进行确认。\nleader_only:仅要求分区领导者的确认。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-required_acks", + "text" : "required_acks", + "type" : "Enum(all_isr,leader_only,none)", + "default" : "all_isr" + }, + { + "doc" : "提供用作 Confluent 头部的占位符
\n例如${pub_props}
\n注意,占位符的值必须是对象:\n{\"foo\": \"bar\"}\n或键值对数组:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers", + "text" : "kafka_headers", + "type" : "String" + }, + { + "doc" : "请提供更多的 Confluent 头部键值对
\n这里的键值对将与kafka_headers字段的值结合后发送给 Confluent。", + "refs" : [ + { + "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers", + "fields" : [ + { + "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key", + "text" : "kafka_ext_header_key", + "type" : "String" + }, + { + "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value", + "text" : "kafka_ext_header_value", + "type" : "String" + } + ], + "text" : "producer_kafka_ext_headers" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers", + "text" : "kafka_ext_headers", + "type" : "Array(Struct(producer_kafka_ext_headers))" + }, + { + "doc" : "Confluent 头部值编码模式
\n - None:仅向 Confluent 头部添加二进制值;
\n - JSON:仅向 Confluent 头部添加 JSON 值,并在发送前将其编码为 JSON 字符串。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode", + "text" : "kafka_header_value_encode_mode", + "type" : "Enum(none,json)", + "default" : "none" + }, + { + "doc" : "Confluent 生产者发现分区数量增加的时间间隔。\n在 Confluent 中增加分区数量后,EMQX 将开始根据partition_strategy\n在分发消息时考虑新发现的分区。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval", + "text" : "partition_count_refresh_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "限制为给定主题产生数据的分区数量。\n特殊值 all_partitions 用于利用主题的所有分区。\n设置的值如果大于分区总数则无效。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit", + "text" : "partitions_limit", + "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))", + "default" : "all_partitions" + }, + { + "doc" : "Confluent 生产者在接收到 Confluent 的确认之前,每个分区允许发送的批次的最大数量。较高的值通常意味着更好的吞吐量。然而,当这个值大于1时,可能会有消息重新排序的风险。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight", + "text" : "max_inflight", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "配置生产者消息缓冲区。\n\n在 EMQX 有更多消息需要发送而 Confluent 跟不上时,或者 Confluent 宕机时,告诉 Confluent 生产者如何缓冲消息。", + "refs" : [ + { + "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer", + "fields" : [ + { + "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode", + "text" : "mode", + "type" : "Enum(memory,disk,hybrid)", + "default" : "memory" + }, + { + "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit", + "text" : "per_partition_limit", + "type" : "Bytesize", + "default" : "\"2GB\"" + }, + { + "doc" : "当缓存模式是 diskhybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes", + "text" : "segment_bytes", + "type" : "Bytesize", + "default" : "\"10MB\"" + }, + { + "doc" : "缓存模式是 memoryhybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。内存压力值由配置项 sysmon.os.sysmem_high_watermark 决定。注意,该配置仅在 Linux 系统中有效。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection", + "text" : "memory_overload_protection", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "producer_buffer" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer", + "text" : "buffer", + "type" : "Struct(producer_buffer)" + }, + { + "doc" : "查询模式。可选'sync/async',默认'async'。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-query_mode", + "text" : "query_mode", + "type" : "Enum(async,sync)", + "default" : "async" + }, + { + "doc" : "此参数定义同步查询的超时限制。仅在动作查询模式配置为'sync'时适用。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout", + "text" : "sync_query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + } + ], + "text" : "producer_kafka_opts" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters", + "aliases" : [ + "kafka" + ], + "text" : "parameters", + "type" : "Struct(producer_kafka_opts)" + }, + { + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "resource_opts" + } + ], + "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts", + "text" : "resource_opts", + "type" : "Struct(resource_opts)", + "default" : "{}" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-actions-S-actions-confluent_producer-S-actions-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions-S-actions-confluent_producer", + "text" : "confluent_producer", + "type" : "Map($name->Struct(actions))" + } + ], + "text" : "actions" + } + ], + "hash" : "V-actions", + "text" : "actions", + "type" : "Struct(actions)" + }, + { + "refs" : [ + { + "doc" : "Source 的配置。", + "hash" : "T-sources-S-sources", + "fields" : [ + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "Source 配置", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source", + "fields" : [ + { + "doc" : "Source 配置定义了此数据输入如何从远程 RabbitMQ 代理接收消息。", + "refs" : [ + { + "doc" : "Source 配置定义了此数据输入如何从远程 RabbitMQ 代理接收消息。", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "RabbitMQ 代理的队列名称。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-queue", + "text" : 
"queue", + "type" : "String" + }, + { + "doc" : "一个布尔值,指示在使用发布者确认时是否等待 RabbitMQ 确认消息发布。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-wait_for_publish_confirmations", + "text" : "wait_for_publish_confirmations", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在从 RabbitMQ 代理消费消息时是否使用 no_ack 模式。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-no_ack", + "text" : "no_ack", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "subscriber_source" + } + ], + "hash" : "V-sources-S-sources-rabbitmq", + "text" : "rabbitmq", + "type" : "Map($name->Struct(subscriber_source))" + }, + { + "doc" : "GCP PubSub Consumer Source Config", + "refs" : [ + { + "doc" : "Source 配置。", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source", + "fields" : [ + { + "doc" : "Source 配置。", + "refs" : [ + { + "doc" : "针对 Source 的详细配置。", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "要发布消息的 GCP PubSub 主题。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "从 GCP PubSub 中在一个拉取请求里检索的最大消息数。 实际数量可能小于指定的值。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-pull_max_messages", + "text" : "pull_max_messages", + "type" : "Integer(1..+inf)", + "default" : "100" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" 
: "连接器的标签", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。", + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-request_ttl", + "aliases" : [ + "request_timeout" + ], + "text" : "request_ttl", + "type" : "OneOf(Duration,String(\"infinity\"))", + "default" : "\"45s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "consumer_source" + } + ], + "hash" : "V-sources-S-sources-gcp_pubsub_consumer", + "text" : "gcp_pubsub_consumer", + "type" : "Map($name->Struct(consumer_source))" + }, + { + "doc" : "MQTT Subscriber Source Config", + "refs" : [ + { + "doc" : "订阅 Source 的配置。", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source", + "fields" : [ + { + "refs" : [ + { + "doc" : "Source 的具体配置", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters", + "fields" : [ + { + "doc" : "从远程代理接收消息的主题", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "订阅远程代理时要使用的 QoS 级别.", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "1" + } + ], + "text" : "ingress_parameters" + } + ], + "hash" : 
"V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters", + "text" : "parameters", + "type" : "Struct(ingress_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源启动相关的选项。", + "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts", + "fields" : [ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "mqtt_subscriber_source" + } + ], + "hash" : "V-sources-S-sources-mqtt", + "text" : "mqtt", + "type" : "Map($name->Struct(mqtt_subscriber_source))" + }, + { + "doc" : "Kafka Consumer Source Config", + "refs" : [ + { + "doc" : "Source 配置。", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source", + "fields" : [ + { + "doc" : "Source 配置。", + "refs" : [ + { + "doc" : "针对 Source 的详细配置。", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters", + "fields" : [ + { + "doc" : "指定从哪个 Kafka 主题消费消息。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "用于此 Source 的消费者组标识符。如果省略,将自动生成一个基于 Source 名称的标识符。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-group_id", + "text" : "group_id", + "type" : "String" + }, + { + "doc" : "Maximum amount of time that is waited for the Kafka broker to send a fetch response.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_wait_time", + "text" : "max_wait_time", + "type" : "Duration", + "default" : "\"1s\"" + }, + { + "doc" : "设置每次从 Kafka 拉取数据的字节数。如该配置小于 Kafka 消息的大小,可能会影响消费性能。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_batch_bytes", + "text" : "max_batch_bytes", + "type" : "Bytesize", + "default" : "\"896KB\"" + }, + { + "doc" : "如不存在偏移量历史记录或历史记录失效,消费者应使用哪个偏移量开始消费。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_reset_policy", + "text" : "offset_reset_policy", + "type" : "Enum(latest,earliest)", + "default" : "latest" + }, + { + "doc" : "指定 Kafka 消费组偏移量提交的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_commit_interval_seconds", + "text" : "offset_commit_interval_seconds", + "type" : "Duration(s)", + "default" : "\"5s\"" + }, + { + "doc" : "通过 MQTT 转发之前,如何处理 Kafka 消息的 Key。none 使用 Kafka 消息中的 Key 原始值,不进行编码。 注意:在这种情况下,Key 必须是一个有效的 UTF-8 字符串。\nbase64 对收到的密钥或值使用 base-64 编码。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-key_encoding_mode", + "text" : "key_encoding_mode", + "type" : "Enum(none,base64)", + "default" : "none" + }, + { + "doc" : "通过 MQTT 转发之前,如何处理 Kafka 消息的 Value。none 使用 Kafka 消息中的 Value 原始值,不进行编码。 注意:在这种情况下,Value 必须是一个有效的 UTF-8 字符串。\nbase64 对收到的 Value 使用 base-64 编码。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-value_encoding_mode", + "text" : "value_encoding_mode", + "type" : "Enum(none,base64)", + "default" : "none" + } + ], + "text" : "source_parameters" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters", + "text" : "parameters", + "type" : "Struct(source_parameters)" + }, + { + "doc" : "由动作指定的连接器名称,用于选择外部资源。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-connector", + "text" : "connector", + "type" : "String" + }, + { + "doc" : "连接器的标签", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-tags", + "text" : "tags", + "type" : "Array(String)" + }, + { + "doc" : "描述性文本。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + }, + { + "doc" : "资源相关的选项。", + "refs" : [ + { + "doc" : "资源相关的选项。", + "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts", + "fields" : 
[ + { + "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval", + "text" : "health_check_interval", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "source_resource_opts" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts", + "text" : "resource_opts", + "type" : "Struct(source_resource_opts)", + "default" : "{}" + } + ], + "text" : "consumer_source" + } + ], + "hash" : "V-sources-S-sources-kafka_consumer", + "text" : "kafka_consumer", + "type" : "Map($name->Struct(consumer_source))" + } + ], + "text" : "sources" + } + ], + "hash" : "V-sources", + "text" : "sources", + "type" : "Struct(sources)" + }, + { + "refs" : [ + { + "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1.", + "hash" : "T-retainer-S-retainer", + "fields" : [ + { + "doc" : "消息保留时间。0 代表永久保留
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-retainer-S-retainer-msg_expiry_interval", + "text" : "msg_expiry_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "hash" : "V-retainer-S-retainer-msg_expiry_interval_override", + "text" : "msg_expiry_interval_override", + "type" : "OneOf(String(\"disabled\"),Duration)", + "default" : "disabled" + }, + { + "doc" : "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set.", + "hash" : "V-retainer-S-retainer-allow_never_expire", + "text" : "allow_never_expire", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "消息清理间隔。0 代表不进行清理
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-retainer-S-retainer-msg_clear_interval", + "text" : "msg_clear_interval", + "type" : "Duration", + "default" : "\"0s\"" + }, + { + "doc" : "允许存储的保留消息的最大大小。EMQX 将拒绝存储超过此大小的保留消息,并输出包含关键字 'retain_failed_for_payload_size_exceeded_limit' 的错误日志。\n\n0 表示保留消息大小不受限制。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-retainer-S-retainer-max_payload_size", + "text" : "max_payload_size", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "当 PUBLISH 消息的保留标志被设置且有效载荷为空时,是否继续发布消息。\n参见:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038", + "hash" : "V-retainer-S-retainer-stop_publish_clear_msg", + "text" : "stop_publish_clear_msg", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "发送保留消息的最大速率", + "hash" : "V-retainer-S-retainer-delivery_rate", + "aliases" : [ + "deliver_rate" + ], + "text" : "delivery_rate", + "type" : "String", + "default" : "\"1000/s\"" + }, + { + "doc" : "保留消息的存储后端", + "refs" : [ + { + "doc" : "Configuration of the internal database storing retained messages.", + "hash" : "T-retainer-S-retainer-backend-S-mnesia_config", + "fields" : [ + { + "doc" : "后端类型", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type", + "text" : "type", + "type" : "String(\"built_in_database\")", + "default" : "built_in_database" + }, + { + "doc" : "选择消息是存放在磁盘还是内存中", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type", + "text" : "storage_type", + "type" : "Enum(ram,disc)", + "default" : "ram" + }, + { + "doc" : "消息保留的数量上限。0 表示无限", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages", + "text" : "max_retained_messages", + "type" : "Integer(0..+inf)", + "default" : "0" + }, + { + "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.", + "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs", + "text" : "index_specs", + "type" : "Array(Integer)", + "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]" + } + ], + "text" : "mnesia_config" + } + ], + "hash" : "V-retainer-S-retainer-backend", + "text" : "backend", + "type" : "Struct(mnesia_config)" + } + ], + "text" : "retainer" + } + ], + "hash" : "V-retainer", + "text" : "retainer", + "type" : "Struct(retainer)" + }, + { + "refs" : [ + { + "doc" : "Settings for the delayed module.", + "hash" : "T-delayed-S-delayed", + "fields" : [ + { + "doc" : "延迟消息的数量上限(0 代表不限数量)", + "hash" : "V-delayed-S-delayed-max_delayed_messages", + "text" : "max_delayed_messages", + "type" : "Integer", + "default" : "0" + } + ], + "text" : "delayed" + } + ], + "hash" : "V-delayed", + "text" : "delayed", + "type" : "Struct(delayed)" + }, + { + "refs" : [ + { + "doc" : "管理 EMQX 插件。
\n插件可以是 EMQX 安装包中的一部分,也可以是一个独立的安装包。
\n独立安装的插件称为“外部插件”。", + "hash" : "T-plugins-S-plugins", + "fields" : [ + { + "doc" : "一组插件的状态。插件将按照定义的顺序启动", + "refs" : [ + { + "doc" : "描述插件的状态", + "hash" : "T-plugins-S-plugins-states-S-state", + "fields" : [ + { + "doc" : "插件的名称{name}-{version}。
\n它应该与插件的发布包名称一致,如 my_plugin-0.1.0。", + "hash" : "V-plugins-S-plugins-states-S-state-name_vsn", + "text" : "name_vsn", + "type" : "String" + } + ], + "text" : "state" + } + ], + "hash" : "V-plugins-S-plugins-states", + "text" : "states", + "type" : "Array(Struct(state))", + "default" : "[]" + }, + { + "doc" : "插件安装包的目录,出于安全考虑,该目录应该值允许 emqx,或用于运行 EMQX 服务的用户拥有写入权限。", + "hash" : "V-plugins-S-plugins-install_dir", + "text" : "install_dir", + "type" : "String", + "default" : "plugins" + }, + { + "doc" : "Deprecated since 5.0.24.
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-plugins-S-plugins-check_interval", + "text" : "check_interval", + "type" : "Duration" + } + ], + "text" : "plugins" + } + ], + "hash" : "V-plugins", + "text" : "plugins", + "type" : "Struct(plugins)" + }, + { + "refs" : [ + { + "doc" : "EMQX Dashboard 配置。", + "hash" : "T-dashboard-S-dashboard", + "fields" : [ + { + "doc" : "Dashboard 监听器设置。监听器必须有唯一的端口号和 IP 地址的组合。\n例如,可以通过指定 IP 地址 0.0.0.0 来监听机器上给定端口上的所有配置的 IP 地址。\n或者,可以为每个监听器指定唯一的 IP 地址,但使用相同的端口。", + "refs" : [ + { + "doc" : "Dashboard 监听器配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners", + "fields" : [ + { + "doc" : "TCP listeners", + "refs" : [ + { + "doc" : "Dashboard 监听器(HTTP)配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http", + "fields" : [ + { + "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "同时处理的最大连接数。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "排队等待连接的队列的最大长度。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "http" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http", + "text" : "http", + "type" : "Struct(http)" + }, + { + "doc" : "SSL listeners", + "refs" : [ + { + "doc" : "Dashboard 监听器(HTTPS)配置。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https", + "fields" : [ + { + "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind", + "text" : "bind", + "type" : "String", + "default" : "0" + }, + { + "doc" : "Dashboard 监听器的 SSL/TLS 选项。", + "refs" : [ + { + "doc" : "Dashboard 监听器的 SSL/TLS 选项。", + "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_options" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_options)" + }, + { + "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors", + "text" : "num_acceptors", + "type" : "Integer", + "default" : "2" + }, + { + "doc" : "同时处理的最大连接数。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections", + "text" : "max_connections", + "type" : "Integer", + "default" : "512" + }, + { + "doc" : "排队等待连接的队列的最大长度。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog", + "text" : "backlog", + "type" : "Integer", + "default" : "1024" + }, + { + "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6", + "text" : "inet6", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only", + "text" : "ipv6_v6only", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。", + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header", + "text" : "proxy_header", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "https" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https", + "text" : "https", + "type" : "Struct(https)" + } + ], + "text" : "listeners" + } + ], + "hash" : "V-dashboard-S-dashboard-listeners", + "text" : "listeners", + "type" : "Struct(listeners)" + }, + { + "doc" : "用于初始化 admin 用户数据库记录的密码。\n注意:在初始化(第一次启动)后更改默认密码将不起作用。\n一旦初始化完成,默认密码 public 必须尽快通过 Dashboard 或 CLI 更改。", + "hash" : "V-dashboard-S-dashboard-default_password", + "text" : "default_password", + "type" : "String", + "default" : "public" + }, + { + "doc" : "登录成功返回的 JWT token 过期时间,默认为 60 分钟。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-token_expired_time", + "text" : "token_expired_time", + "type" : "Duration", + "default" : "\"60m\"" + }, + { + "doc" : "CORS(Cross-Origin Resource Sharing,跨域资源共享)允许服务器响应来自任何来源(域名、协议或端口)的请求,启用后允许另一个域名下的服务直接通过 JavaScript 调用 EMQX REST API。", + "hash" : "V-dashboard-S-dashboard-cors", + "text" : "cors", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "启用或禁用对 Swagger API 文档的支持。", + "hash" : "V-dashboard-S-dashboard-swagger_support", + "text" : "swagger_support", + "type" : "Boolean", + "default" : "true" + }, + { + "refs" : [ + { + "doc" : "Dashboard Single Sign-On", + "hash" : "T-dashboard-S-dashboard-sso-S-sso", + "fields" : [ + { + "refs" : [ + { + "doc" : "LDAP", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap", + "fields" : [ + { + "doc" : "是否启用该后端", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "----", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-backend", + "text" : "backend", + "type" : "Enum(ldap)" + }, + { + "doc" : "LDAP 查询超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-query_timeout", + "text" : "query_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-server", + "text" : "server", + "type" : "String" + }, + { + "doc" : "桥接远端服务时使用的连接池大小。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "内部数据库的用户名。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-base_dn", + "text" : "base_dn", + "type" : "String" + }, + { + "doc" : "LDAP 中匹配用户的过滤器默认为 `(&(objectClass=person)(uid=${username}))`。 对于 Active Directory,默认过滤器是 `(&(objectClass=user)(sAMAccountName=${username}))`。更多详细内容,请参考 [LDAP Filters](https://ldap.com/ldap-filters/)。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-filter", + "text" : "filter", + "type" : "String", + "default" : "\"(& (objectClass=person) (uid=${username}))\"" + }, + { + "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "启用 SSL 连接。", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl", + "text" : "ssl", + "type" : "Struct(ssl)", + "default" : "{enable = false}" + } + ], + "text" : "ldap" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap", + "text" : "ldap", + "type" : "Struct(ldap)" + }, + { + "refs" : [ + { + "doc" : "OIDC", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc", + "fields" : [ + { + "doc" : "是否启用该后端", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "----", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-backend", + "text" : "backend", + "type" : "Enum(oidc)" + }, + { + "doc" : "OIDC 发行者的 URL。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-issuer", + "text" : "issuer", + "type" : "String" + }, + { + "doc" : "此后端的 clientId。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-clientid", + "text" : "clientid", + "type" : "String" + }, + { + "doc" : "客户端密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-secret", + "text" : "secret", + "type" : "Secret" + }, + { + "doc" : "范围,默认值是 `[\"openid\"]`.", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-scopes", + "text" : "scopes", + "type" : "Array(String)", + "default" : "[openid]" + }, + { + "doc" : "将 OIDC 用户信息映射到 Dashboard 名称的模板,默认值是 `${sub}`。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-name_var", + "text" : "name_var", + "type" : "String", + "default" : "\"${sub}\"" + }, + { + "doc" : "EMQX Dashboard 的地址。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-dashboard_addr", + "text" : "dashboard_addr", + "type" : "String", + "default" : "\"http://127.0.0.1:18083\"" + }, + { + "doc" : "OIDC `state` 的有效时间范围,默认为 `30s`,如果授权服务器返回的代码响应超过此时间范围,将视为无效。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-session_expiry", + "text" : "session_expiry", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "获取 token 时是否需要 PKCE。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-require_pkce", + "text" : "require_pkce", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "设置有效的身份验证方法及其优先级。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-preferred_auth_methods", + "text" : "preferred_auth_methods", + "type" : "Array(Enum(private_key_jwt,client_secret_jwt,client_secret_post,client_secret_basic,none))", + "default" : "[client_secret_post, client_secret_basic, none]" + }, + { + "doc" : "支持 OIDC 协议的身份服务提供商。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-provider", + "text" : "provider", + "type" : "Enum(okta,generic)", + "default" : "generic" + }, + { + "doc" : "一些身份提供商在提供商配置中没有提供所有方法项,将此值设置为这些项的回退。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-fallback_methods", + "text" : "fallback_methods", + "type" : "Array(String)", + "default" : "[RS256]" + }, + { + "doc" : "在此处设置 JWK 或 JWKS 以启用 `private_key_jwt` 授权或 `DPoP` 扩展。", + "refs" : [ + { + "doc" : "从文件中设置 JWKS。", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks", + "fields" : [ + { + "doc" : "JWKS 的来源类型。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-type", + "text" : "type", + "type" : "Enum(file)" + }, + { + "doc" : "JWKS 的内容。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-file", + "text" : "file", + "type" : "String" + } + ], + "text" : "client_file_jwks" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks", + "text" : "client_jwks", + "type" : 
"OneOf(String(\"none\"),Struct(client_file_jwks))", + "default" : "none" + } + ], + "text" : "oidc" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc", + "text" : "oidc", + "type" : "Struct(oidc)" + }, + { + "refs" : [ + { + "doc" : "saml", + "hash" : "T-dashboard-S-dashboard-sso-S-sso-saml-S-saml", + "fields" : [ + { + "doc" : "是否启用该后端", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "----", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-backend", + "text" : "backend", + "type" : "Enum(saml)" + }, + { + "doc" : "EMQX Dashboard 的地址。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-dashboard_addr", + "text" : "dashboard_addr", + "type" : "String", + "default" : "\"https://127.0.0.1:18083\"" + }, + { + "doc" : "身份提供商的元数据地址。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-idp_metadata_url", + "text" : "idp_metadata_url", + "type" : "String", + "default" : "\"https://idp.example.com\"" + }, + { + "doc" : "是否签署 SAML 请求。", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_sign_request", + "text" : "sp_sign_request", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "----", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_public_key", + "text" : "sp_public_key", + "type" : "String", + "default" : "\"Pub Key\"" + }, + { + "doc" : "----", + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_private_key", + "text" : "sp_private_key", + "type" : "String" + } + ], + "text" : "saml" + } + ], + "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml", + "text" : "saml", + "type" : "Struct(saml)" + } + ], + "text" : "sso" + } + ], + "hash" : "V-dashboard-S-dashboard-sso", + "text" : "sso", + "type" : "Struct(sso)" + } + ], + "text" : "dashboard" + } + ], + "hash" : "V-dashboard", + "text" : "dashboard", + "type" : "Struct(dashboard)" + }, + { + "refs" : [ + { + "doc" : "EMQX Gateway configuration 
root.", + "hash" : "T-gateway-S-gateway", + "fields" : [ + { + "refs" : [ + { + "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format.", + "hash" : "T-gateway-S-gateway-coap-S-coap", + "fields" : [ + { + "doc" : "CoAP 网关要求客户端的最小心跳间隔时间。\n当 connection_required 开启后,该参数用于检查客户端连接是否存活
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat", + "text" : "heartbeat", + "type" : "Duration(s)", + "default" : "\"30s\"" + }, + { + "doc" : "是否开启连接模式。\n连接模式是非标准协议的功能。它维护 CoAP 客户端上线、认证、和连接状态的保持", + "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required", + "text" : "connection_required", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "投递给 CoAP 客户端的通知消息类型。当客户端 Observe 一个资源(或订阅某个主题)时,网关会向客户端推送新产生的消息。其消息类型可设置为:
\n\n - non: 不需要客户端返回确认消息;
\n - con: 需要客户端返回一个确认消息;
\n - qos: 取决于消息的 QoS 等级; QoS 0 会以 `non` 类型下发,QoS 1/2 会以 `con` 类型下发", + "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type", + "text" : "notify_type", + "type" : "Enum(non,con,qos)", + "default" : "qos" + }, + { + "doc" : "客户端订阅请求的默认 QoS 等级。\n当 CoAP 客户端发起订阅请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n - qos0、 qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据订阅操作的 CoAP 报文类型来动态决定
\n * 当订阅请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当订阅请求为 `confirmable` 类型时,取值为 qos1", + "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos", + "text" : "subscribe_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "客户端发布请求的默认 QoS 等级。\n当 CoAP 客户端发起发布请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n\n - qos0、qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据发布操作的 CoAP 报文类型来动态决定
\n * 当发布请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当发布请求为 `confirmable` 类型时,取值为 qos1", + "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos", + "text" : "publish_qos", + "type" : "Enum(qos0,qos1,qos2,coap)", + "default" : "coap" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "coap" + } + ], + "hash" : "V-gateway-S-gateway-coap", + "text" : "coap", + "type" : "Struct(coap)" + }, + { + "refs" : [ + { + "doc" : "Settings for EMQX extension protocol (exproto).", + "hash" : "T-gateway-S-gateway-exproto-S-exproto", + "fields" : [ + { + "doc" : "配置 ExProto 网关需要启动的 ConnectionAdapter 服务。\n该服务用于提供客户端的认证、发布、订阅和数据下行等功能。", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server", + "fields" : [ + { + "doc" : "服务监听地址和端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "服务 SSL 配置。", + "refs" : [ + { + "doc" : "SSL configuration for the 
server.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ssl_server_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_server_opts)" + } + ], + "text" : "exproto_grpc_server" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-server", + "text" : "server", + "type" : "Struct(exproto_grpc_server)" + }, + { + "doc" : "配置 ExProto 网关需要请求的 ConnectionHandler 服务地址。\n该服务用于给 ExProto 提供客户端的 Socket 事件处理、字节解码、订阅消息接收等功能。", + "refs" : [ + { + "doc" : "Settings for the exproto gRPC connection handler.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler", + "fields" : [ + { + "doc" : "对端 gRPC 服务器地址。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address", + "text" : "address", + "type" : "String" + }, + { + "doc" : "用于处理连接事件的服务名称\n在初始版本中,我们期望使用流来提高 ConnectionHandler 中请求的效率。\n但不幸的是,不同流之间的事件顺序混乱。\n这导致 OnSocketCreated 事件可能会\n在 OnReceivedBytes 之后到达。\n因此,自 v5.0.25 起,我们添加了 `ConnectionUnaryHandler` 服务,并强制在其中使用了 Unary,以避免顺序问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name", + "text" : "service_name", + "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))", + "default" : "ConnectionUnaryHandler" + }, + { + "doc" : "gRPC 客户端的 SSL 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)" + } + ], + "text" : "exproto_grpc_handler" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler", + "text" : "handler", + "type" : "Struct(exproto_grpc_handler)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for TCP and UDP listeners.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy 
Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy 
Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + 
"type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + 
"fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 
以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "tcp_udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners", + "text" : "listeners", + "type" : "Struct(tcp_udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "exproto" + } + ], + "hash" : "V-gateway-S-gateway-exproto", + "text" : "exproto", + "type" : "Struct(exproto)" + }, + { + "refs" : [ + { + "doc" : "The GBT-32960 gateway", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960", + "fields" : [ + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"gbt32960/${clientid}/\"" + }, + { + "doc" : "重新发送时间间隔
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-retry_interval", + "text" : "retry_interval", + "type" : "Duration", + "default" : "\"8s\"" + }, + { + "doc" : "最大重新发送次数", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-max_retry_times", + "text" : "max_retry_times", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "最大消息队列长度", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-message_queue_len", + "text" : "message_queue_len", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 
报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 
报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "gbt32960" + } + ], + "hash" : "V-gateway-S-gateway-gbt32960", + "text" : "gbt32960", + "type" : "Struct(gbt32960)" + }, + { + "refs" : [ + { + "doc" : "The JT/T 808 protocol gateway provides EMQX with the ability to access JT/T 808 protocol devices.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808", + "fields" : [ + { + "refs" : [ + { + "doc" : "Limits for the JT/T 808 frames.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame", + "fields" : [ + { + "doc" : "JT/T 808 帧的最大长度。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame-max_length", + "text" : "max_length", + "type" : "Integer(0..+inf)", + "default" : "8192" + } + ], + "text" : "jt808_frame" + } + ], + 
"hash" : "V-gateway-S-gateway-jt808-S-jt808-frame", + "text" : "frame", + "type" : "Struct(jt808_frame)" + }, + { + "refs" : [ + { + "doc" : "The JT/T 808 protocol options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto", + "fields" : [ + { + "doc" : "JT/T 808 网关的认证设置。", + "refs" : [ + { + "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true", + "fields" : [ + { + "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-allow_anonymous", + "text" : "allow_anonymous", + "type" : "OneOf(String(\"true\"))" + }, + { + "doc" : "JT/T 808 设备注册中心的 URL。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-registry", + "text" : "registry", + "type" : "String" + }, + { + "doc" : "JT/T 808 设备认证中心的 URL。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-authentication", + "text" : "authentication", + "type" : "String" + } + ], + "text" : "anonymous_true" + }, + { + "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false", + "fields" : [ + { + "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。", + "hash" : 
"V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-allow_anonymous", + "text" : "allow_anonymous", + "type" : "OneOf(String(\"false\"))" + }, + { + "doc" : "JT/T 808 设备注册中心的 URL。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-registry", + "text" : "registry", + "type" : "String" + }, + { + "doc" : "JT/T 808 设备认证中心的 URL。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-authentication", + "text" : "authentication", + "type" : "String" + } + ], + "text" : "anonymous_false" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth", + "text" : "auth", + "type" : "OneOf(Struct(anonymous_true),Struct(anonymous_false))" + }, + { + "doc" : "JT/T 808 协议上行消息的主题。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-up_topic", + "text" : "up_topic", + "type" : "String", + "default" : "\"jt808/${clientid}/${phone}/up\"" + }, + { + "doc" : "JT/T 808 协议下行消息的主题。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-dn_topic", + "text" : "dn_topic", + "type" : "String", + "default" : "\"jt808/${clientid}/${phone}/dn\"" + } + ], + "text" : "jt808_proto" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto", + "text" : "proto", + "type" : "Struct(jt808_proto)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"jt808/${clientid}/\"" + }, + { + "doc" : "重发时间间隔
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-retry_interval", + "text" : "retry_interval", + "type" : "Duration", + "default" : "\"8s\"" + }, + { + "doc" : "最大重发次数", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-max_retry_times", + "text" : "max_retry_times", + "type" : "Integer(0..+inf)", + "default" : "3" + }, + { + "doc" : "最大消息队列长度", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-message_queue_len", + "text" : "message_queue_len", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "jt808" + } + ], + "hash" : "V-gateway-S-gateway-jt808", + "text" : "jt808", + "type" : "Struct(jt808)" + }, + { + "refs" : [ + { + "doc" : "The LwM2M protocol gateway.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m", + "fields" : [ + { + "doc" : "LwM2M Resource 定义的 XML 文件目录路径。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir", + "text" : "xml_dir", + "type" : "String" + }, + { + "doc" : "允许 LwM2M 客户端允许设置的心跳最小值。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min", + "text" : "lifetime_min", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "允许 LwM2M 客户端允许设置的心跳最大值。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max", + "text" : "lifetime_max", + "type" : "Duration", + "default" : "\"86400s\"" + }, + { + "doc" : "在 QMode 模式下,LwM2M 网关认为网络链接有效的时间窗口的值。\n例如,在收到客户端的更新信息后,在这个时间窗口内的任何信息都会直接发送到 LwM2M 客户端,而超过这个时间窗口的所有信息都会暂时储存在内存中。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window", + "text" : "qmode_time_window", + "type" : "Duration(s)", + "default" : "\"22s\"" + }, + { + "doc" : "自动 Observe REGISTER 数据包的 Object 列表。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe", + "text" : "auto_observe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "发布 UPDATE 事件消息的策略。
\n - always: 只要收到 UPDATE 请求,就发送更新事件。
\n - contains_object_list: 仅当 UPDATE 请求携带 Object 列表时才发送更新事件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition", + "text" : "update_msg_publish_condition", + "type" : "Enum(always,contains_object_list)", + "default" : "contains_object_list" + }, + { + "doc" : "LwM2M 网关订阅/发布消息的主题映射配置。", + "refs" : [ + { + "doc" : "MQTT topics that correspond to LwM2M events.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators", + "fields" : [ + { + "doc" : "下行命令主题。\n对于每个成功上线的新 LwM2M 客户端,网关会创建一个订阅关系来接收下行消息并将其发送给客户端", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command", + "text" : "command", + "type" : "Struct(translator)" + }, + { + "doc" : "用于网关发布来自 LwM2M 客户端的确认事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : 
"V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response", + "text" : "response", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的通知事件的主题。\n在成功 Observe 到 LwM2M 客户端的资源后,如果客户端报告任何资源状态的变化,网关将通过该主题发送通知事件", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify", + "text" : "notify", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的注册事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register", + "text" : "register", + "type" : "Struct(translator)" + }, + { + "doc" : "用于发布来自 LwM2M 客户端的更新事件的主题。", + "refs" : [ + { + "doc" : "MQTT topic that corresponds to a particular type of event.", + "hash" : 
"T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator", + "fields" : [ + { + "doc" : "主题名称", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic", + "text" : "topic", + "type" : "String" + }, + { + "doc" : "QoS 等级", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos", + "text" : "qos", + "type" : "Integer(0..2)", + "default" : "0" + } + ], + "text" : "translator" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update", + "text" : "update", + "type" : "Struct(translator)" + } + ], + "text" : "lwm2m_translators" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators", + "text" : "translators", + "type" : "Struct(lwm2m_translators)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"lwm2m/${endpoint_name}/\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "lwm2m" + } + ], + "hash" : "V-gateway-S-gateway-lwm2m", + "text" : "lwm2m", + "type" : "Struct(lwm2m)" + }, + { + "refs" : [ + { + "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn", + "fields" : [ + { + "doc" : "MQTT-SN 网关 ID。\n当 broadcast 打开时,MQTT-SN 网关会使用该 ID 来广播 ADVERTISE 消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id", + "text" : "gateway_id", + "type" : "Integer", + "default" : "1" + }, + { + "doc" : "是否周期性广播 ADVERTISE 消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast", + "text" : "broadcast", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "是否允许无连接的客户端发送 QoS 等于 -1 的消息。\n该功能主要用于支持轻量的 MQTT-SN 
客户端实现,它不会向网关建立连接,注册主题,也不会发起订阅;它只使用 QoS 为 -1 来发布消息", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3", + "text" : "enable_qos3", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在会话被重用后,网关是否主动向客户端注册对已订阅主题名称", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume", + "text" : "subs_resume", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "预定义主题列表。\n预定义的主题列表,是一组 主题 ID 和 主题名称 的映射关系。使用预先定义的主题列表,可以减少 MQTT-SN 客户端和网关对于固定主题的注册请求", + "refs" : [ + { + "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined", + "fields" : [ + { + "doc" : "主题 ID。范围:1-65535", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id", + "text" : "id", + "type" : "Integer(1..1024)" + }, + { + "doc" : "主题名称。注:不支持通配符", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic", + "text" : "topic", + "type" : "String" + } + ], + "text" : "mqttsn_predefined" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined", + "text" : "predefined", + "type" : "Array(Struct(mqttsn_predefined))", + "default" : "[]" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the UDP listeners.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for UDP listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener", + "fields" : [ + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "udp_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp", + "text" : "udp", + "type" : "Map($name->Struct(udp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for DTLS listener.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。", + "refs" : [ + { + "doc" : "UDP health check", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check", + "fields" : [ + { + "doc" : "请求的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request", + "text" : "request", + "type" : "String" + }, + { + "doc" : "回复的内容。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply", + "text" : "reply", + "type" : "String" + } + ], + "text" : "udp_health_check" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check", + "text" : "health_check", + "type" : "Struct(udp_health_check)" + }, + { + "refs" : [ + { + "doc" : "Settings for UDP sockets.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts", + "fields" : [ + { + "doc" : "为 Socket 指定 {active, N} 
选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n", + "text" : "active_n", + "type" : "Integer", + "default" : "100" + }, + { + "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize" + }, + { + "doc" : "允许重用本地处于 TIME_WAIT 的端口号。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + } + ], + "text" : "udp_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options", + "text" : "udp_options", + "type" : "Struct(udp_opts)" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "DTLS Socket 配置", + "refs" : [ + { + "doc" : "Settings for DTLS protocol.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"dtlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "dtls_opts" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options", + "text" : "dtls_options", + "type" : "Struct(dtls_opts)" + } + ], + "text" : "dtls_listener" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls", + "text" : "dtls", + "type" : "Map($name->Struct(dtls_listener))" + } + ], + "text" : "udp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners", + "text" : "listeners", + "type" : "Struct(udp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "mqttsn" + } + ], + "hash" : "V-gateway-S-gateway-mqttsn", + "text" : "mqttsn", + "type" : "Struct(mqttsn)" + }, + { + "refs" : [ + { + "doc" : "The OCPP gateway", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp", + "fields" : [ + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"ocpp/\"" + }, + { + "doc" : "默认的心跳时间间隔
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-default_heartbeat_interval", + "text" : "default_heartbeat_interval", + "type" : "Duration(s)", + "default" : "\"60s\"" + }, + { + "doc" : "用于心跳检查次数的退避时间", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-heartbeat_checking_times_backoff", + "text" : "heartbeat_checking_times_backoff", + "type" : "Integer", + "default" : "1" + }, + { + "refs" : [ + { + "doc" : "Upload stream topic to notify third-party system what's messages/events reported by Charge Point. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream", + "fields" : [ + { + "doc" : "上传流呼叫请求消息主题。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic", + "text" : "topic", + "type" : "String", + "default" : "\"cp/${cid}\"" + }, + { + "doc" : "通过消息名称进行的上传流主题覆盖映射。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic_override_mapping", + "text" : "topic_override_mapping", + "type" : "Map($name->String)", + "default" : "{}" + }, + { + "doc" : "上传流回复消息主题。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-reply_topic", + "text" : "reply_topic", + "type" : "String", + "default" : "\"cp/${cid}/Reply\"" + }, + { + "doc" : "上传流错误主题。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-error_topic", + "text" : "error_topic", + "type" : "String", + "default" : "\"cp/${cid}/Reply\"" + } + ], + "text" : "upstream" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream", + "text" : "upstream", + "type" : "Struct(upstream)" + }, + { + "refs" : [ + { + "doc" : "Download stream topic to forward the system message to device. 
Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream", + "fields" : [ + { + "doc" : "用于接收来自第三方系统的请求/控制消息的下载流主题。\n此值是每个连接的充电桩都订阅的通配符主题名称。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-topic", + "text" : "topic", + "type" : "String", + "default" : "\"cs/${cid}\"" + }, + { + "doc" : "下载流消息传递的最大消息队列长度。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-max_mqueue_len", + "text" : "max_mqueue_len", + "type" : "Integer", + "default" : "100" + } + ], + "text" : "dnstream" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream", + "text" : "dnstream", + "type" : "Struct(dnstream)" + }, + { + "doc" : "是否启用消息格式合法性检查。\nEMQX 会根据 json-schema 中定义的格式检查上传流和下载流的消息格式。\n当检查失败时,EMQX 将回复相应的答复消息。\n\n检查策略可以是以下值之一:\n- all:检查所有消息\n- upstream_only:仅检查上传流消息\n- dnstream_only:仅检查下载流消息\n- disable:不检查任何消息", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-message_format_checking", + "text" : "message_format_checking", + "type" : "OneOf(String(\"all\"),String(\"upstream_only\"),String(\"dnstream_only\"),String(\"disable\"))", + "default" : "disable" + }, + { + "doc" : "OCPP 消息定义的 JSON 模式目录。\n默认值:${application}/priv/schemas", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_dir", + "text" : "json_schema_dir", + "type" : "String", + "default" : "\"${application_priv}/schemas\"" + }, + { + "doc" : "OCPP 消息模式的 ID 前缀。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_id_prefix", + "text" : "json_schema_id_prefix", + "type" : "String", + "default" : "\"urn:OCPP:1.6:2019:12:\"" + }, + { + "refs" : [ + { + "doc" : "Websocket listeners", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners", + "fields" : [ + { + "doc" : "WebSocket 监听器。", + "refs" : [ + { + "doc" : "Websocket listener", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener", + "fields" : [ + { + "doc" : "Acceptor 
进程池大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "refs" : [ + { + "doc" : "Websocket options", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket", + "fields" : [ + { + "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-path", + "text" : "path", + "type" : "String", + "default" : "\"/ocpp\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback", + "text" : "piggyback", + "type" : "Enum(single,multiple)", + "default" : "single" + }, + { + "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer)", + "default" : "infinity" + }, + { + "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的支持的子协议列表。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"ocpp1.6, ocpp2.0\"" + }, + { + "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为false,且check_origin_enabletrue,服务器将拒绝没有origin HTTP 请求头的请求。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许来源的列表。
参见check_origin_enable。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + } + ], + "text" : "websocket" + } + ], + "hash" : 
"V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket", + "text" : "websocket", + "type" : "Struct(websocket)" + } + ], + "text" : "ws_listener" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws", + "text" : "ws", + "type" : "Map($name->Struct(ws_listener))" + }, + { + "doc" : "WebSocket over TLS 监听器。", + "refs" : [ + { + "doc" : "Websocket over TLS listener", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for WebSocket/SSL connections.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "listener_wss_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_wss_opts)" + }, + { + "refs" : [ + { + "doc" : "Websocket options", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket", + "fields" : [ + { + "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-path", + "text" : "path", + "type" : "String", + "default" : "\"/ocpp\"" + }, + { + "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback", + "text" : "piggyback", + "type" : "Enum(single,multiple)", + "default" : "single" + }, + { + "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress", + "text" : "compress", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"7200s\"" + }, + { + "doc" : "单个 MQTT 数据包的最大长度。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size", + "text" : "max_frame_size", + "type" : "OneOf(String(\"infinity\"),Integer)", + "default" : "infinity" + }, + { + "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol", + "text" : "fail_if_no_subprotocol", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "逗号分隔的支持的子协议列表。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols", + "text" : "supported_subprotocols", + "type" : "String", + "default" : "\"ocpp1.6, ocpp2.0\"" + }, + { + "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable", + "text" : "check_origin_enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置为false,且check_origin_enabletrue,服务器将拒绝没有origin HTTP 请求头的请求。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence", + "text" : "allow_origin_absence", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "允许来源的列表。
参见check_origin_enable。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins", + "text" : "check_origins", + "type" : "String", + "default" : "\"http://localhost:18083, http://127.0.0.1:18083\"" + }, + { + "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header", + "text" : "proxy_address_header", + "type" : "String", + "default" : "\"x-forwarded-for\"" + }, + { + "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header", + "text" : "proxy_port_header", + "type" : "String", + "default" : "\"x-forwarded-port\"" + }, + { + "refs" : [ + { + "doc" : "Compression options.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts", + "fields" : [ + { + "doc" : "压缩级别", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level", + "text" : "level", + "type" : "Enum(none,default,best_compression,best_speed)" + }, + { + "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level", + "text" : "mem_level", + "type" : "Integer(1..9)", + "default" : "8" + }, + { + "doc" : "指定压缩策略。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy", + "text" : "strategy", + "type" : "Enum(default,filtered,huffman_only,rle)", + "default" : "default" + }, + { + "doc" : "接管意味着在服务器消息之间保留压缩状态。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover", + "text" : "server_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "接管意味着在客户端消息之间保留压缩状态。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover", + "text" : "client_context_takeover", + "type" : "Enum(takeover,no_takeover)", + "default" : "takeover" + }, + { + "doc" : "指定服务器压缩上下文的大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits", + "text" : "server_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + }, + { + "doc" : "指定客户端压缩上下文的大小。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits", + "text" : "client_max_window_bits", + "type" : "Integer(8..15)", + "default" : "15" + } + ], + "text" : "deflate_opts" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts", + "text" : "deflate_opts", + "type" : "Struct(deflate_opts)" + } + ], + "text" : "websocket" + } + ], + "hash" : 
"V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket", + "text" : "websocket", + "type" : "Struct(websocket)" + } + ], + "text" : "wss_listener" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss", + "text" : "wss", + "type" : "Map($name->Struct(wss_listener))" + } + ], + "text" : "ws_listeners" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners", + "text" : "listeners", + "type" : "Struct(ws_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "ocpp" + } + ], + "hash" : "V-gateway-S-gateway-ocpp", + "text" : "ocpp", + "type" : "Struct(ocpp)" + }, + { + "refs" : [ + { + "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp", + "fields" : [ + { + "refs" : [ + { + "doc" : "Size limits for the STOMP frames.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame", + "fields" : [ + { + "doc" : "头部的最大数量", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers", + "text" : "max_headers", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "允许的 Header 字符串的最大长度", + "hash" : 
"V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length", + "text" : "max_headers_length", + "type" : "Integer(0..+inf)", + "default" : "1024" + }, + { + "doc" : "每个 Stomp 数据包允许的 Body 的最大字节数", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length", + "text" : "max_body_length", + "type" : "Integer", + "default" : "65536" + } + ], + "text" : "stomp_frame" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame", + "text" : "frame", + "type" : "Struct(stomp_frame)" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint", + "text" : "mountpoint", + "type" : "String", + "default" : "\"\"" + }, + { + "refs" : [ + { + "doc" : "Settings for the TCP listeners.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners", + "fields" : [ + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for TCP listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + } + ], + "text" : "tcp_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp", + "text" : "tcp", + "type" : "Map($name->Struct(tcp_listener))" + }, + { + "doc" : "从监听器名称到配置参数的映射。", + "refs" : [ + { + "doc" : "Settings for SSL listener.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener", + "fields" : [ + { + "doc" : "Acceptor 进程池大小。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors", + "text" : "acceptors", + "type" : "Integer", + "default" : "16" + }, + { + "doc" : "TCP Socket 配置。", + "refs" : [ + { + "doc" : "TCP listener options.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts", + "fields" : [ + { + "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n", + "text" : "active_n", + "type" : "Integer(0..+inf)", + "default" : "100" + }, + { + "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog", + "text" : "backlog", + "type" : "Integer(1..+inf)", + "default" : "1024" + }, + { + "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout", + "text" : "send_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "如果发送超时,则关闭连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close", + "text" : "send_timeout_close", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + }, + { + "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer", + "text" : "buffer", + "type" : "Bytesize", + "default" : "\"4KB\"" + }, + { + "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark", + "text" : "high_watermark", + "type" : "Bytesize", + "default" : "\"1MB\"" + }, + { + "doc" : "连接的 TCP_NODELAY 标识", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "连接的 SO_REUSEADDR 标识。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr", + "text" : "reuseaddr", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "为 MQTT 连接在 TCP 或 SSL 上启用 TCP 保活。\n值是以逗号分隔的三个数字,格式为 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送保活探测之前,连接需要处于空闲状态的秒数(Linux 默认为 7200)。\n - Interval: TCP 保活探测间隔的秒数(Linux 默认值为 75)。\n - Probes: 在放弃并终止连接之前,从另一端未获得响应时要发送的 TCP 保活探测的最大数量(Linux 默认值为 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP 保活探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为 'none'", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive", + "text" : "keepalive", + "type" : "String", + "default" : "none" + } + ], + "text" : "tcp_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options", + "text" : "tcp_options", + "type" : "Struct(tcp_opts)" + }, + { + "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol", + "text" : "proxy_protocol", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 
包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout", + "text" : "proxy_protocol_timeout", + "type" : "Duration", + "default" : "\"3s\"" + }, + { + "doc" : "监听器绑定的 IP 地址或端口。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind", + "text" : "bind", + "type" : "String" + }, + { + "doc" : "监听器支持的最大连接数。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections", + "text" : "max_connections", + "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))", + "default" : "1024" + }, + { + "doc" : "监听器支持的最大连接速率。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate", + "text" : "max_conn_rate", + "type" : "Integer", + "default" : "1000" + }, + { + "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn", + "text" : "enable_authn", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint", + "text" : "mountpoint", + "type" : "String" + }, + { + "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny
| | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules", + "text" : "access_rules", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL Socket 配置。", + "refs" : [ + { + "doc" : "Socket options for SSL connections.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile", + "text" : "cacertfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\"" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile", + "text" : "certfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\"" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile", + "text" : "keyfile", + "type" : "String", + "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\"" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile", + "text" : "dhfile", + "type" : "String" + }, + { + "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert", + "text" : "fail_if_no_peer_cert", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order", + "text" : "honor_cipher_order", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation", + "text" : "client_renegotiation", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout", + "text" : "handshake_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake", + "text" : "gc_after_handshake", + "type" : "Boolean", + "default" : "false" + }, + { + "refs" : [ + { + "doc" : "Per listener OCSP Stapling configuration.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp", + "fields" : [ + { + "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling", + "text" : "enable_ocsp_stapling", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url", + "text" : "responder_url", + "type" : "String" + }, + { + "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem", + "text" : "issuer_pem", + "type" : "String" + }, + { + "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval", + "text" : "refresh_interval", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout", + "text" : "refresh_http_timeout", + "type" : "Duration", + "default" : "\"15s\"" + } + ], + "text" : "ocsp" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp", + "text" : "ocsp", + "type" : "Struct(ocsp)" + }, + { + "doc" : "是否为该监听器启用 CRL 检查。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check", + "text" : "enable_crl_check", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "listener_ssl_opts" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options", + "text" : "ssl_options", + "type" : "Struct(listener_ssl_opts)" + } + ], + "text" : "ssl_listener" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl", + "text" : "ssl", + "type" : "Map($name->Struct(ssl_listener))" + } + ], + "text" : "tcp_listeners" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners", + "text" : "listeners", + "type" : "Struct(tcp_listeners)" + }, + { + "doc" : "是否开启客户端统计", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats", + "text" : "enable_stats", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout", + "text" : "idle_timeout", + "type" : "Duration", + "default" : "\"30s\"" + }, + { + "doc" : "ClientInfo 重写。", + "refs" : [ + { + "doc" : "ClientInfo override.", + "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override", + "fields" : [ + { + "doc" : "username 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "password 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password", + "text" : "password", + "type" : "String" + }, + { + "doc" : "clientid 重写模板", + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid", + "text" : "clientid", + "type" : "String" + } + ], + "text" : "clientinfo_override" + } + ], + "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override", + "text" : "clientinfo_override", + "type" : "Struct(clientinfo_override)" + } + ], + "text" : "stomp" + } + ], + "hash" : "V-gateway-S-gateway-stomp", + "text" : "stomp", + "type" : "Struct(stomp)" + } + ], + "text" : "gateway" + } + ], + "hash" : "V-gateway", + "text" : "gateway", + "type" : "Struct(gateway)" + }, + { + "refs" : [ + { + "doc" : "推荐的设置", + "hash" : "T-prometheus-S-recommend_setting", + "fields" : [ + { + "doc" : "启用或禁用 Prometheus 抓取 API 的基本认证,不适用于 Push Gateway。", + "hash" : "V-prometheus-S-recommend_setting-enable_basic_auth", + "text" : "enable_basic_auth", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "refs" : [ + { + "doc" : "Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "hash" : 
"T-prometheus-S-recommend_setting-push_gateway-S-push_gateway", + "fields" : [ + { + "doc" : "启用或禁用 Pushgateway。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "Pushgateway 服务器的 URL。Push Gateway 是可选的,如果 Prometheus 要抓取 EMQX,则不应配置。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-url", + "text" : "url", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "数据推送间隔
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "推送到 Push Gateway 的 HTTP Headers 列表。
\n例如, { Authorization = \"some-authz-tokens\"}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "推送到 Push Gateway 的 Job 名称。可用变量为:
\n- ${name}: EMQX 节点的名称。\n- ${host}: EMQX 节点主机名。\n例如,当 EMQX 节点名为 emqx@127.0.0.1 则 name 变量的值为 emqx,host 变量的值为 127.0.0.1
\n默认值为: ${name}/instance/${name}~${host}", + "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + } + ], + "text" : "push_gateway" + } + ], + "hash" : "V-prometheus-S-recommend_setting-push_gateway", + "text" : "push_gateway", + "type" : "Struct(push_gateway)" + }, + { + "doc" : "虚拟机的内部高级指标最初是禁用的\n通常只在性能测试期间启用。\n启用它们将增加 CPU 负载。", + "refs" : [ + { + "doc" : "虚拟机的内部高级指标最初是禁用的\n通常只在性能测试期间启用。\n启用它们将增加 CPU 负载。", + "hash" : "T-prometheus-S-recommend_setting-collectors-S-collectors", + "fields" : [ + { + "doc" : "开启或关闭 VM 分布采集器,收集 Erlang 分布机制中涉及的套接字和进程的信息。", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_dist", + "text" : "vm_dist", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 Mnesia 采集器, 使用 mnesia:system_info/1 收集 Mnesia 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-mnesia", + "text" : "mnesia", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 统计采集器, 使用 erlang:statistics/1 收集 Erlang VM 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_statistics", + "text" : "vm_statistics", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 系统信息采集器, 使用 erlang:system_info/1 收集 Erlang VM 相关指标", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_system_info", + "text" : "vm_system_info", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM 内存采集器, 使用 erlang:memory/0 收集 Erlang 虚拟机动态分配的内存信息,同时提供基本的 (D)ETS 统计信息", + "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_memory", + "text" : "vm_memory", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "开启或关闭 VM msacc 采集器, 使用 erlang:statistics(microstate_accounting) 收集微状态计数指标", + "hash" : 
"V-prometheus-S-recommend_setting-collectors-S-collectors-vm_msacc", + "text" : "vm_msacc", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "collectors" + } + ], + "hash" : "V-prometheus-S-recommend_setting-collectors", + "text" : "collectors", + "type" : "Struct(collectors)" + } + ], + "text" : "recommend_setting" + }, + { + "doc" : "自5.4.0版本起弃用。", + "hash" : "T-prometheus-S-legacy_deprecated_setting", + "fields" : [ + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.url`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-push_gateway_server", + "text" : "push_gateway_server", + "type" : "String", + "default" : "\"http://127.0.0.1:9091\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.interval`。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.headers`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-headers", + "text" : "headers", + "type" : "Map", + "default" : "{}" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.job_name`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-job_name", + "text" : "job_name", + "type" : "String", + "default" : "\"${name}/instance/${name}~${host}\"" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.push_gateway.url`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_dist`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_dist_collector", + "text" : "vm_dist_collector", + "type" : "Enum(disabled,enabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.mnesia`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-mnesia_collector", + "text" : "mnesia_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_statistics`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_statistics_collector", + "text" : "vm_statistics_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_system_info`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_system_info_collector", + "text" : "vm_system_info_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 
`prometheus.collectors.vm_memory`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_memory_collector", + "text" : "vm_memory_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + }, + { + "doc" : "自5.4.0版本起弃用,改用 `prometheus.collectors.vm_msacc`。", + "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_msacc_collector", + "text" : "vm_msacc_collector", + "type" : "Enum(enabled,disabled)", + "default" : "disabled" + } + ], + "text" : "legacy_deprecated_setting" + } + ], + "hash" : "V-prometheus", + "text" : "prometheus", + "type" : "OneOf(Struct(recommend_setting),Struct(legacy_deprecated_setting))", + "default" : "{}" + }, + { + "refs" : [ + { + "doc" : "External hook (exhook) configuration.", + "hash" : "T-exhook-S-exhook", + "fields" : [ + { + "doc" : "ExHook 服务器列表", + "refs" : [ + { + "doc" : "gRPC server configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server", + "fields" : [ + { + "doc" : "ExHook 服务器名称", + "hash" : "V-exhook-S-exhook-servers-S-server-name", + "text" : "name", + "type" : "String" + }, + { + "doc" : "gRPC 服务器地址", + "hash" : "V-exhook-S-exhook-servers-S-server-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "gRPC 服务器请求超时
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-exhook-S-exhook-servers-S-server-request_timeout", + "text" : "request_timeout", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "当 gRPC 请求失败后的操作", + "hash" : "V-exhook-S-exhook-servers-S-server-failed_action", + "text" : "failed_action", + "type" : "Enum(deny,ignore)", + "default" : "deny" + }, + { + "refs" : [ + { + "doc" : "SSL client configuration.", + "hash" : "T-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_conf" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-ssl", + "text" : "ssl", + "type" : "Struct(ssl_conf)" + }, + { + "refs" : [ + { + "doc" : "连接套接字设置", + "hash" : "T-exhook-S-exhook-servers-S-server-socket_options-S-socket_options", + "fields" : [ + { + "doc" : "当没有其他数据交换时,是否向连接的对端套接字定期的发送探测包。如果另一端没有响应,则认为连接断开,并向控制进程发送错误消息。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-keepalive", + "text" : "keepalive", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "如果为 true,则为套接字设置 TCP_NODELAY 选项,这意味着会立即发送数据包", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-nodelay", + "text" : "nodelay", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "套接字的最小接收缓冲区大小
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-recbuf", + "text" : "recbuf", + "type" : "Bytesize" + }, + { + "doc" : "套接字的最小发送缓冲区大小
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-sndbuf", + "text" : "sndbuf", + "type" : "Bytesize" + } + ], + "text" : "socket_options" + } + ], + "hash" : "V-exhook-S-exhook-servers-S-server-socket_options", + "text" : "socket_options", + "type" : "Struct(socket_options)", + "default" : "{keepalive = true, nodelay = true}" + }, + { + "doc" : "自动重连到 gRPC 服务器的设置。\n当 gRPC 服务器不可用时,Exhook 将会按照这里设置的间隔时间进行重连,并重新初始化注册的钩子", + "hash" : "V-exhook-S-exhook-servers-S-server-auto_reconnect", + "text" : "auto_reconnect", + "type" : "OneOf(String(\"false\"),Duration)", + "default" : "\"60s\"" + }, + { + "doc" : "gRPC 客户端进程池大小", + "hash" : "V-exhook-S-exhook-servers-S-server-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + } + ], + "text" : "server" + } + ], + "hash" : "V-exhook-S-exhook-servers", + "text" : "servers", + "type" : "Array(Struct(server))", + "default" : "[]" + } + ], + "text" : "exhook" + } + ], + "hash" : "V-exhook", + "text" : "exhook", + "type" : "Struct(exhook)" + }, + { + "refs" : [ + { + "doc" : "此配置用于启用 TLS-PSK 身份验证。\n\nPSK 是 “Pre-Shared-Keys” 的缩写。\n\n注意: 确保 SSL 监听器仅启用了 'tlsv1.2',并且配置了 PSK 密码套件,例如 'RSA-PSK-AES256-GCM-SHA384'。\n\n可以通过查看监听器中的 SSL 选项,了解更多详细信息。\n\n可以通过配置 'init_file' 来设置初始化的 ID 和 密钥", + "hash" : "T-psk_authentication-S-psk_authentication", + "fields" : [ + { + "doc" : "是否开启 TLS PSK 支持", + "hash" : "V-psk_authentication-S-psk_authentication-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "如果设置了初始化文件,EMQX 将在启动时从初始化文件中导入 PSK 信息到内建数据库中。\n这个文件需要按行进行组织,每一行必须遵守如下格式: PSKIdentity:SharedSecret\n例如: mydevice1:c2VjcmV0", + "hash" : "V-psk_authentication-S-psk_authentication-init_file", + "text" : "init_file", + "type" : "String" + }, + { + "doc" : "PSK 文件中 PSKIdentitySharedSecret 之间的分隔符", + "hash" : "V-psk_authentication-S-psk_authentication-separator", + "text" : 
"separator", + "type" : "String", + "default" : "\":\"" + }, + { + "doc" : "将 PSK 文件导入到内建数据时每个块的大小", + "hash" : "V-psk_authentication-S-psk_authentication-chunk_size", + "text" : "chunk_size", + "type" : "Integer", + "default" : "50" + } + ], + "text" : "psk_authentication" + } + ], + "hash" : "V-psk_authentication", + "text" : "psk_authentication", + "type" : "Struct(psk_authentication)" + }, + { + "refs" : [ + { + "doc" : "Configuration for `slow_subs` feature.", + "hash" : "T-slow_subs-S-slow_subs", + "fields" : [ + { + "doc" : "开启慢订阅", + "hash" : "V-slow_subs-S-slow_subs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "慢订阅统计的阈值
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-slow_subs-S-slow_subs-threshold", + "text" : "threshold", + "type" : "Duration", + "default" : "\"500ms\"" + }, + { + "doc" : "慢订阅记录的有效时间
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-slow_subs-S-slow_subs-expire_interval", + "text" : "expire_interval", + "type" : "Duration", + "default" : "\"300s\"" + }, + { + "doc" : "慢订阅统计表的记录数量上限", + "hash" : "V-slow_subs-S-slow_subs-top_k_num", + "text" : "top_k_num", + "type" : "Integer(1..+inf)", + "default" : "10" + }, + { + "doc" : "慢订阅的统计类型", + "hash" : "V-slow_subs-S-slow_subs-stats_type", + "text" : "stats_type", + "type" : "Enum(whole,internal,response)", + "default" : "whole" + } + ], + "text" : "slow_subs" + } + ], + "hash" : "V-slow_subs", + "text" : "slow_subs", + "type" : "Struct(slow_subs)" + }, + { + "refs" : [ + { + "doc" : "Open Telemetry 工具包配置", + "hash" : "T-opentelemetry-S-opentelemetry", + "fields" : [ + { + "doc" : "Open Telemetry 指标配置。", + "refs" : [ + { + "doc" : "Open Telemetry 指标配置。", + "hash" : "T-opentelemetry-S-opentelemetry-metrics-S-otel_metrics", + "fields" : [ + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-interval", + "aliases" : [ + "scheduled_delay" + ], + "text" : "interval", + "type" : "Duration", + "default" : "\"10s\"" + } + ], + "text" : "otel_metrics" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-metrics", + "text" : "metrics", + "type" : "Struct(otel_metrics)" + }, + { + "doc" : "Open Telemetry 日志配置。如果启用,EMQX 将安装一个日志处理器,根据 Open Telemetry 日志数据模型格式化事件,并将它们导出到配置的 Open Telemetry 收集器或后端。", + "refs" : [ + { + "doc" : "Open Telemetry 日志配置。如果启用,EMQX 将安装一个日志处理器,根据 Open Telemetry 日志数据模型格式化事件,并将它们导出到配置的 Open Telemetry 收集器或后端。", + "hash" : "T-opentelemetry-S-opentelemetry-logs-S-otel_logs", + "fields" : [ + { + "doc" : "Open Telemetry 日志处理器的日志级别。", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-level", + "text" : "level", + "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)", + "default" : "warning" + }, + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"1s\"" + } + ], + "text" : "otel_logs" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-logs", + "text" : "logs", + "type" : "Struct(otel_logs)" + }, + { + "doc" : "Open Telemetry 追踪配置。", + "refs" : [ + { + "doc" : "Open Telemetry 追踪配置。", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces", + "fields" : [ + { + "doc" : "启用或禁用 open telemetry 指标", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "两次连续导出 Open Telemetry 信号之间的延迟间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-scheduled_delay", + "text" : "scheduled_delay", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "Open Telemetry 追踪过滤器配置", + "refs" : [ + { + "doc" : "Open Telemetry 追踪过滤器配置", + "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter", + "fields" : [ + { + "doc" : "如果启用,将追踪所有发布的消息,如果无法从消息中提取追踪 ID,则生成新的追踪 ID。\n否则,只追踪带有追踪上下文的消息。默认禁用。", + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_all", + "text" : "trace_all", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "trace_filter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter", + "text" : "filter", + "type" : "Struct(trace_filter)" + } + ], + "text" : "otel_traces" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-traces", + "text" : "traces", + "type" : "Struct(otel_traces)" + }, + { + "doc" : "Open Telemetry 导出器", + "refs" : [ + { + "doc" : "Open Telemetry 导出器", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter", + "fields" : [ + { + "doc" : "导出器将要发送 Open Telemetry 信号数据的目标 URL。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-endpoint", + "text" : "endpoint", + "type" : "String", + "default" : "\"http://localhost:4317\"" + }, + { + "doc" : "Open Telemetry 导出器的 SSL 配置", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" : "启用 TLS。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options", + "text" : "ssl_options", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + } + ], + "text" : "otel_exporter" + } + ], + "hash" : "V-opentelemetry-S-opentelemetry-exporter", + "text" : "exporter", + "type" : "Struct(otel_exporter)" + } + ], + "text" : "opentelemetry" + } + ], + "hash" : "V-opentelemetry", + "text" : "opentelemetry", + "type" : "Struct(opentelemetry)" + }, + { + "refs" : [ + { + "doc" : "API 密钥, 可用于请求除管理 API 密钥及 Dashboard 用户管理 API 的其它接口", + "hash" : "T-api_key-S-api_key", + "fields" : [ + { + "doc" : "用于在启动 EMQX 时,添加 API 密钥,其格式为 {appid}:{secret},多个密钥用换行分隔。:\n ```\n 7e729ae70d23144b:2QILI9AcQ9BYlVqLDHQNWN2saIjBV4egr1CZneTNKr9CpK\n ec3907f865805db0:Ee3taYltUKtoBVD9C3XjQl9C6NXheip8Z9B69BpUv5JxVHL\n ```", + "hash" : "V-api_key-S-api_key-bootstrap_file", + "text" : "bootstrap_file", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "api_key" + } + ], + "hash" : "V-api_key", + "text" : "api_key", + "type" : "Struct(api_key)" + }, + { + "doc" : "EMQX 企业版 License 。\nEMQX 自带一个默认的试用 License,允许最多接入 100 个连接,签发时间是 2023 年 1 月 9 日,有效期是 5 年(1825 天)。若需要在生产环境部署,\n请购买 License 或访问 https://www.emqx.com/apply-licenses/emqx 申请。", + "refs" : [ + { + "doc" : "License provisioned as a string.", + "hash" : "T-license-S-key_license", + "fields" : [ + { + "doc" : "申请或购买 License 时获得的密钥字符串", + "hash" : "V-license-S-key_license-key", + "text" : "key", + "type" : "OneOf(String(\"default\"),String)", + "default" : "default" + }, + { + "doc" : "连接数低于此值是,系统会清除连接配额使用告警", + "hash" : "V-license-S-key_license-connection_low_watermark", + "text" : "connection_low_watermark", + 
"type" : "String", + "default" : "\"75%\"" + }, + { + "doc" : "连接数超过该值时,系统会触发 License 连接配额使用告警", + "hash" : "V-license-S-key_license-connection_high_watermark", + "text" : "connection_high_watermark", + "type" : "String", + "default" : "\"80%\"" + } + ], + "text" : "key_license" + } + ], + "hash" : "V-license", + "text" : "license", + "type" : "Struct(key_license)" + }, + { + "refs" : [ + { + "doc" : "Schema registry 的配置。", + "hash" : "T-schema_registry-S-schema_registry", + "fields" : [ + { + "doc" : "Confluent 外部 Schema Registry 配置。", + "refs" : [ + { + "doc" : "Confluent 外部 Schema Registry 配置。", + "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry", + "fields" : [ + { + "doc" : "外部 Schema Registry 类型", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-type", + "text" : "type", + "type" : "String(\"confluent\")", + "default" : "confluent" + }, + { + "doc" : "外部 registry 的 URL 端点", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-url", + "text" : "url", + "type" : "String" + }, + { + "doc" : "访问外部 registry 的认证选项。", + "refs" : [ + { + "doc" : "访问外部 registry 的认证选项。", + "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic", + "fields" : [ + { + "doc" : "基本认证方法的用户名。", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-username", + "text" : "username", + "type" : "String" + }, + { + "doc" : "基本认证方法的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-password", + "text" : "password", + "type" : "Secret" + } + ], + "text" : "confluent_schema_registry_auth_basic" + } + ], + "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth", + "text" : "auth", + "type" : "OneOf(String(\"none\"),Struct(confluent_schema_registry_auth_basic))", + "default" : "none" + } + ], + "text" : "confluent_schema_registry" + } + ], + "hash" : "V-schema_registry-S-schema_registry-external", + "text" : "external", + "type" : "Map($name->OneOf(Struct(confluent_schema_registry)))", + "default" : "{}" + }, + { + "doc" : "已注册的 schema。", + "refs" : [ + { + "doc" : "[Apache Avro](https://avro.apache.org/) 序列化格式。", + "hash" : "T-schema_registry-S-schema_registry-schemas-S-avro", + "fields" : [ + { + "doc" : "对于 Avro schema,必须是 avro。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-type", + "text" : "type", + "type" : "String(\"avro\")" + }, + { + "doc" : "Schema 的源文本。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-source", + "text" : "source", + "type" : "String" + }, + { + "doc" : "改 schema 的描述。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "avro" + }, + { + "doc" : "[Protocol Buffers](https://protobuf.dev/) 序列化格式。", + "hash" : "T-schema_registry-S-schema_registry-schemas-S-protobuf", + "fields" : [ + { + "doc" : "对于 protobuf schema,必须是 protobuf。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-type", + "text" : "type", + "type" : "String(\"protobuf\")" + }, + { + "doc" : "Schema 的源文本。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-source", + "text" : "source", 
+ "type" : "String" + }, + { + "doc" : "改 schema 的描述。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "protobuf" + }, + { + "doc" : "支持 JSON Schema\n[Draft 03](http://tools.ietf.org/html/draft-zyp-json-schema-03)\n[Draft 04](http://tools.ietf.org/html/draft-zyp-json-schema-04) 以及\n[Draft 06](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00).", + "hash" : "T-schema_registry-S-schema_registry-schemas-S-json", + "fields" : [ + { + "doc" : "对于 JSON schema,必须是 json。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-type", + "text" : "type", + "type" : "String(\"json\")" + }, + { + "doc" : "Schema 的源文本。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-source", + "text" : "source", + "type" : "String" + }, + { + "doc" : "改 schema 的描述。", + "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-description", + "text" : "description", + "type" : "String", + "default" : "\"\"" + } + ], + "text" : "json" + } + ], + "hash" : "V-schema_registry-S-schema_registry-schemas", + "text" : "schemas", + "type" : "Map($name->OneOf(Struct(avro),Struct(protobuf),Struct(json)))", + "default" : "{}" + } + ], + "text" : "schema_registry" + } + ], + "hash" : "V-schema_registry", + "text" : "schema_registry", + "type" : "Struct(schema_registry)" + }, + { + "refs" : [ + { + "doc" : "File transfer settings", + "hash" : "T-file_transfer-S-file_transfer", + "fields" : [ + { + "doc" : "启用文件传输(File Transfer)服务。
\n文件传输服务允许客户端使用 `$file` 主题将分片上传到 EMQX。\n启用文件传输服务表示 `$file` 主题前缀已被预留,用于提供文件传输服务。
\n这个开关也会影响文件传输 REST API 的可用性,以及依赖存储的后台任务(例如垃圾回收)。", + "hash" : "V-file_transfer-S-file_transfer-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定文件传输初始化的时间限制。在
\nEMQX 服务器过载时可能发生初始化超时。超时后给 `init` 的 PUBACK 中包含一个错误码 (0x80)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-init_timeout", + "text" : "init_timeout", + "type" : "Duration", + "default" : "\"10s\"" + }, + { + "doc" : "文件片段保存超时。
\nEMQX 收到文件分片后,会对它进行保存,如果发生超时(例如系统过载),则会给这个发布消息的 PUBACK 中包含一个错误码(0x80)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-store_segment_timeout", + "text" : "store_segment_timeout", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "文件拼接超时。
\n在收到 'fin' 消息后 EMQX 会对文件进行拼接,如果发生超时(例如系统过载),则会给 'fin' 的 PUBACK 中包含一个错误码(0x80)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-assemble_timeout", + "text" : "assemble_timeout", + "type" : "Duration", + "default" : "\"5m\"" + }, + { + "doc" : "文件后端存储配置", + "refs" : [ + { + "doc" : "Storage backend settings for file transfer", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend", + "fields" : [ + { + "doc" : "EMQX 节点本地用文件系统于存储文件分片的相关配置。", + "refs" : [ + { + "doc" : "File transfer local storage settings", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage", + "fields" : [ + { + "doc" : "本地文件系统存储配置,包括已上传的文件分片和临时数据。", + "refs" : [ + { + "doc" : "File transfer local segments storage settings", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments", + "fields" : [ + { + "doc" : "文件分片存储的根目录。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-root", + "text" : "root", + "type" : "String" + }, + { + "doc" : "文件系统中临时文件的垃圾回收配置。", + "refs" : [ + { + "doc" : "Garbage collection settings for the File transfer local segments storage", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc", + "fields" : [ + { + "doc" : "运行垃圾回收的时间间隔。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-interval", + "text" : "interval", + "type" : "Duration", + "default" : "\"1h\"" + }, + { + "doc" : "分片的临时存储的最大 TTL。
\n该配置为系统全局上限,所有的分片都不会超过这个 TTL,即使某些文件传输指定了一个更大的 TTL。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-maximum_segments_ttl", + "text" : "maximum_segments_ttl", + "type" : "Duration(s)", + "default" : "\"24h\"" + }, + { + "doc" : "分片的临时存储的最小 TTL。
\n分片在超过这个 TTL 之前不被垃圾回收。\n该配置为系统全局下限,所有的分片都不会低于这个 TTL,即使某些文件传输指定了一个更小的 TTL。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-minimum_segments_ttl", + "text" : "minimum_segments_ttl", + "type" : "Duration(s)", + "default" : "\"5m\"" + } + ], + "text" : "local_storage_segments_gc" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc", + "text" : "gc", + "type" : "Struct(local_storage_segments_gc)" + } + ], + "text" : "local_storage_segments" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments", + "text" : "segments", + "type" : "Struct(local_storage_segments)", + "default" : "{gc {}}" + }, + { + "doc" : "将文件导出到本地存储
\n该配置项指定所有分片都传输完成了的文件进行导出到本地存储的相关行为。", + "refs" : [ + { + "doc" : "Exporter for the local file system storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend", + "fields" : [ + { + "doc" : "将文件导出到本地存储。", + "refs" : [ + { + "doc" : "Local Exporter settings for the File transfer local storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter", + "fields" : [ + { + "doc" : "导出到本地文件时使用的根目录。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter-root", + "text" : "root", + "type" : "String" + } + ], + "text" : "local_storage_exporter" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local", + "text" : "local", + "type" : "Struct(local_storage_exporter)" + }, + { + "doc" : "将文件导出到 AWS s3 API 兼容的对象存储服务。", + "refs" : [ + { + "doc" : "S3 Exporter settings for the File transfer local storage backend", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter", + "fields" : [ + { + "doc" : "S3 桶的访问密钥 ID。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-access_key_id", + "text" : "access_key_id", + "type" : "String" + }, + { + "doc" : "S3 桶的密钥访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-secret_access_key", + "text" : "secret_access_key", + "type" : "Secret" + }, + { + "doc" : "S3 端点的主机。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-host", + "text" : "host", + "type" : "String" + }, + { + "doc" : "S3 端点的端口。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-port", + "text" : "port", + "type" : "Integer(1..+inf)" + }, + { + "doc" : "S3 客户端使用的 HTTP 传输层选项。", + "refs" : [ + { + "doc" : "Options for the HTTP transport layer used by the S3 client", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options", + "fields" : [ + { + "doc" : "是否探测 IPv6 支持。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ipv6_probe", + "text" : "ipv6_probe", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-connect_timeout", + "text" : "connect_timeout", + "type" : "Duration", + "default" : "\"15s\"" + }, + { + "doc" : "连接池类型。可以是random、hash之一。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-pool_type", + "text" : "pool_type", + "type" : "Enum(random,hash)", + "default" : "random" + }, + { + "doc" : "连接池大小。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-pool_size", + "text" : "pool_size", + "type" : "Integer(1..+inf)", + "default" : "8" + }, + { + "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-enable_pipelining", + "text" : "enable_pipelining", + "type" : "Integer(1..+inf)", + "default" : "100" + }, + { + "doc" : "启用 SSL 连接。", + "refs" : [ + { + "doc" : "Socket options for SSL clients.", + "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts", + "fields" : [ + { + "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile", + "text" : "cacertfile", + "type" : "String" + }, + { + "doc" : "Deprecated since 5.1.4.", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts", + "text" : "cacerts", + "type" : "Boolean" + }, + { + "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile", + "text" : "certfile", + "type" : "String" + }, + { + "doc" : "PEM 格式的私钥文件。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile", + "text" : "keyfile", + "type" : "String" + }, + { + "doc" : "启用或禁用对等验证。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify", + "text" : "verify", + "type" : "Enum(verify_peer,verify_none)", + "default" : "verify_none" + }, + { + "doc" : "启用 TLS 会话重用。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions", + "text" : "reuse_sessions", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth", + "text" : "depth", + "type" : "Integer(0..+inf)", + "default" : "10" + }, + { + "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-password", + "text" : "password", + "type" : "Secret" + }, + { + "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions", + "text" : "versions", + "type" : "Array(String)", + "default" : "[\"tlsv1.3\", \"tlsv1.2\"]" + }, + { + "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers", + "text" : "ciphers", + "type" : "Array(String)", + "default" : "[]" + }, + { + "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate", + "text" : "secure_renegotiate", + "type" : "Boolean", + "default" : "true" + }, + { + "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level", + "text" : "log_level", + "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)", + "default" : "notice" + }, + { + "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after", + "text" : "hibernate_after", + "type" : "Duration", + "default" : "\"5s\"" + }, + { + "doc" : "启用或禁用带有 partial_chain 的对等证书验证。\n当本地在 x509 路径验证过程中验证对等证书时\n它会构建一个从对等证书开始\n并以信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,\n证书链必须是完整的。\n然而,如果设置为 `true` 或 `cacert_from_cacertfile`,\n则 `cacertfile` 中的最后一个证书将被用作信任锚证书(中间 CA),\n这将在路径验证中创建一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,`cacertfile` 中的\n最后两个证书中的一个将被用作信任锚证书,\n形成一个部分链。\n此选项特别适用于中间 CA 证书的轮换。\n然而,请注意这会带来一些额外的开销,\n因此应仅用于证书轮换目的。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain", + "text" : "partial_chain", + "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)" + }, + { + "doc" : "验证对等证书中的扩展密钥用途。\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 `Extended Key Usage` 中,\n对等证书的 'Extended Key Usage' 定义在\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中。\n\n允许的值包括\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如: \"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,等同于 `clientAuth`\n\n也支持逗号分隔的字符串,用于验证多个密钥用途。\n\n例如: `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage", + "text" : "verify_peer_ext_key_usage", + "type" : "String" + }, + { + "doc" 
: "启用 TLS。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + }, + { + "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication", + "text" : "server_name_indication", + "type" : "OneOf(String(\"disable\"),String)" + } + ], + "text" : "ssl_client_opts" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl", + "text" : "ssl", + "type" : "Struct(ssl_client_opts)", + "default" : "{enable = false}" + }, + { + "doc" : "HTTP 请求头列表。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-headers", + "text" : "headers", + "type" : "Map" + }, + { + "doc" : "如果发送请求时出错,最大重试次数。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-max_retries", + "text" : "max_retries", + "type" : "Integer(0..+inf)" + }, + { + "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-request_timeout", + "text" : "request_timeout", + "type" : "Duration" + } + ], + "text" : "transport_options" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options", + "text" : "transport_options", + "type" : "Struct(transport_options)" + }, + { + "doc" : "多部分上传的最小部分大小。
\n上传的数据将在内存中累积,直到达到此大小。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-min_part_size", + "text" : "min_part_size", + "type" : "Bytesize", + "default" : "\"5mb\"" + }, + { + "doc" : "多部分上传的最大部分大小。
\nS3 上传器不会尝试上传超过此大小的部分。
表示字节数量的字符串,例如:10B640kb4MB1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-max_part_size", + "text" : "max_part_size", + "type" : "Bytesize", + "default" : "\"5gb\"" + }, + { + "doc" : "S3 对象的签名 URL 有效时间(秒)。
表示时间持续的字符串,例如:10s2.5m1h30m1W2D2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-url_expire_time", + "text" : "url_expire_time", + "type" : "Duration(s)", + "default" : "\"1h\"" + }, + { + "doc" : "S3 桶的名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-bucket", + "text" : "bucket", + "type" : "String" + }, + { + "doc" : "上传对象使用的 ACL。", + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-acl", + "text" : "acl", + "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)" + } + ], + "text" : "s3_exporter" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3", + "text" : "s3", + "type" : "Struct(s3_exporter)" + } + ], + "text" : "local_storage_exporter_backend" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter", + "text" : "exporter", + "type" : "Struct(local_storage_exporter_backend)", + "default" : "{local {}}" + } + ], + "text" : "local_storage" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local", + "text" : "local", + "type" : "Struct(local_storage)" + } + ], + "text" : "storage_backend" + } + ], + "hash" : "V-file_transfer-S-file_transfer-storage", + "text" : "storage", + "type" : "Struct(storage_backend)", + "default" : "{local {}}" + } + ], + "text" : "file_transfer" + } + ], + "hash" : "V-file_transfer", + "text" : "file_transfer", + "type" : "Struct(file_transfer)" + }, + { + "refs" : [ + { + "doc" : "Settings for durable queues", + "hash" : "T-durable_queues-S-durable_queues", + "fields" : [ + { + "doc" : "启用共享订阅功能。", + "hash" : "V-durable_queues-S-durable_queues-enable", + "text" : "enable", + "type" : "Boolean", + "default" : "false" + } + ], + "text" : "durable_queues" + } + ], + "hash" : "V-durable_queues", + "text" : "durable_queues", + "type" : 
"Struct(durable_queues)" + } + ], + "text" : "root" +} \ No newline at end of file diff --git a/redocly/ce-en.json b/redocly/ce-en.json index 8e0b7f824..832c9c8db 100644 --- a/redocly/ce-en.json +++ b/redocly/ce-en.json @@ -1,6 +1,6 @@ { "info": { - "version": "5.8.1", + "version": "5.8.2", "title": "EMQX API" }, "components": { @@ -1459,12 +1459,12 @@ "status": "finished", "started_at": "2024-07-15T13:48:02.648559+08:00", "result": "success", - "finished_at": "2024-07-16T11:00:01.875627+08:00", "upgrade_opts": { "deploy_inplace": false }, "target_vsn": "5.8.1", - "from_vsn": "5.8.0" + "from_vsn": "5.8.0", + "finished_at": "2024-07-16T11:00:01.875627+08:00" } ] } @@ -5009,6 +5009,12 @@ "format": "password", "description": "String containing the user's password. Only used if the private key file is password-protected.", "example": "" + }, + "hibernate_after": { + "default": "5s", + "type": "string", + "description": "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.

The hibernating process will be woken up when a new message arrives.
Hibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.", + "example": "12m" } }, "type": "object" @@ -10741,6 +10747,27 @@ "description": "Expired retained messages will not be delivered again, and a setting of 0 means that retained messages will never expire.

However, if the `Message-Expiry-Interval` property is specified in the MQTT message, the value of that property prevails.", "example": "32s" }, + "msg_expiry_interval_override": { + "default": "disabled", + "description": "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "oneOf": [ + { + "type": "string", + "example": "32s" + }, + { + "type": "string", + "enum": [ + "disabled" + ] + } + ] + }, + "allow_never_expire": { + "default": true, + "type": "boolean", + "description": "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set." + }, "msg_clear_interval": { "default": "0s", "type": "string", @@ -12741,6 +12768,25 @@ }, "type": "object" }, + "emqx_mgmt_api_data_backup.export_request_body": { + "properties": { + "table_sets": { + "type": "array", + "description": "Sets of tables to export. Exports all if omitted. Valid values:
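Review bot: The `oneOf` added for `msg_expiry_interval_override` has overlapping branches. The first branch is an unconstrained `"type": "string"`, so the value `"disabled"` (also the declared `default`) matches both branches, and `oneOf` accepts a value only when exactly one branch matches. A strict validator or a generated client would therefore reject the documented default. Either switch the keyword to `"anyOf"`, or give the duration branch a `"pattern"` that excludes `disabled`. If this file is generated from the broker's schema, the fix belongs in the generator rather than here.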

- api_keys
- banned
- builtin_authn
- builtin_authz
- builtin_retainer
- dashboard_users
- psk
", + "items": { + "type": "string" + } + }, + "root_keys": { + "type": "array", + "description": "Sets of root configuration keys to export. Exports all if omitted.", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, "emqx_authn_api.response_user": { "required": [ "user_id" @@ -18527,7 +18573,7 @@ "enable": { "default": false, "type": "boolean", - "description": "Use durable storage for client sessions persistence.
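Review bot: The `table_sets` description lists `api_keys`, `builtin_authn`, `dashboard_users` and `psk` as exportable, but does not say that an export selecting them (or omitting the field, which exports everything) will hold credential material. Judging by the table names, a reader should be told that, for example with a sentence appended to the description: `The resulting backup may contain API keys, authentication data and pre-shared keys; restrict who can call this endpoint and where the file is stored.` Separately, the valid values exist only in prose, since `items` is a bare `"type": "string"`. If the set is closed, an `"enum"` on `items` would let clients and validators catch typos instead of silently exporting less than intended. Whether the set is closed is not visible from this hunk.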
If enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.

:::warning
This feature is currently experimental. Please don't enable it in the production environments that contain valuable data.
:::" + "description": "Use durable storage for client sessions persistence.
If enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.

:::warning
Messages sent to the durable sessions are saved on disc.
This inevitably limits the overall throughput of the system.
:::" }, "batch_size": { "default": 100, @@ -18538,11 +18584,13 @@ "idle_poll_interval": { "default": "10s", "type": "string", + "description": "Expiry interval for poll requests sent by durable sessions to the storage.", "example": "12m" }, "heartbeat_interval": { "default": "5000ms", "type": "string", + "description": "Durable sessions back up their state on disc every heartbeat interval.

Heartbeat interval is also taken into account during garbage collection of expired sessions.
It is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.", "example": "12m" }, "session_gc_interval": { @@ -18560,6 +18608,7 @@ "message_retention_period": { "default": "1d", "type": "string", + "description": "Broker keeps messages sent to the durable sessions for this period of time.", "example": "12m" } }, @@ -20338,11 +20387,20 @@ { "in": "query", "name": "aggregate", - "description": "Whether to aggregate all nodes Metrics", + "description": "Whether to aggregate all nodes Metrics. Default value is 'true'.", "required": false, "schema": { "type": "boolean" } + }, + { + "in": "query", + "name": "node", + "description": "Specify which specific node to fetch data from. If not provided, return values for all nodes. This parameter only works when 'aggregate' is 'false'.", + "required": false, + "schema": { + "type": "string" + } } ], "responses": { @@ -20684,8 +20742,36 @@ } ], "responses": { - "204": { - "description": "Users imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -22318,8 +22404,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
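Review bot: In the new `200` response for the user import (hunk `@@ -20684,8 +20742,36 @@`), `success` is the only counter without a `description`, and the response's own `description` is an empty string, so a reader cannot tell whether `success` also counts the `override` entries. Adding `"description": "Total number of users imported successfully."` to `success`, plus a short response description such as `"Import result summary"`, would close the gap. The same schema is added again in the hunks at `@@ -41882,8 +42080,36 @@` and `@@ -46571,8 +46797,36 @@`. Replacing `204` with `200` also changes what a client sees if it checks for an empty success response, so it is worth stating in the release notes. The key reordering elsewhere in this diff suggests the file is generated, so the wording probably has to be fixed in the schema it is produced from.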
@@ -22556,8 +22642,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -22746,8 +22832,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -23028,8 +23114,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -23218,8 +23304,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -23377,7 +23463,6 @@ } } ], - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -23393,6 +23478,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, { @@ -23431,11 +23517,11 @@ } } ], - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, { @@ -23470,8 +23556,8 @@ } } ], - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, { @@ -23493,7 +23579,6 @@ } } ], - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -23508,6 +23593,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, { 
@@ -23537,8 +23623,8 @@ } } ], - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, { @@ -23582,8 +23668,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, { @@ -23640,8 +23726,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 } ], @@ -23777,7 +23863,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -23793,6 +23878,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -23819,11 +23905,11 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -23846,8 +23932,8 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple TCP listener example" @@ -23857,7 +23943,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -23872,6 +23957,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -23889,8 +23975,8 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A TCP listener with authentication example" 
@@ -23922,8 +24008,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket listener example" @@ -23968,8 +24054,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" @@ -24075,7 +24161,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -24091,6 +24176,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -24117,11 +24203,11 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -24144,8 +24230,8 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple TCP listener example" @@ -24155,7 +24241,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -24170,6 +24255,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -24187,8 +24273,8 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A TCP listener with authentication example" 
@@ -24220,8 +24306,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket listener example" @@ -24266,8 +24352,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" @@ -26447,6 +26533,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update source", @@ -26629,6 +26737,74 @@ } } } + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Invalid table sets: bar, foo" + } + }, + "type": "object" + } + } + } + }, + "500": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Error processing export: ..." + } + }, + "type": "object" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "example": { + "root_keys": [ + "connectors", + "actions", + "sources", + "rule_engine", + "schema_registry" + ], + "table_sets": [ + "banned", + "builtin_authn", + "builtin_authn_scram", + "builtin_authz" + ] + }, + "schema": { + "$ref": "#/components/schemas/emqx_mgmt_api_data_backup.export_request_body" + } + } } }, "security": [ 
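Review bot: In hunk `@@ -26629,6 +26737,74 @@` the added `500` response declares `"enum": ["BAD_REQUEST"]` for `code`, the same value as the `400` response directly above it, which looks like a copy-paste; a server-side failure ("Error processing export: ...") should carry a distinct server-error code (for example `INTERNAL_ERROR`, if that is what the handler returns). The request example also lists `builtin_authn_scram` under `table_sets`, while the valid values given in the `export_request_body` schema description (hunk `@@ -12741,6 +12768,25 @@`) do not include it, so one of the two is out of date. Because the selectable sets include `api_keys`, `dashboard_users`, `psk` and `builtin_authn`, the description should also say that the export contains credential material and that the resulting file needs access control. The file appears to be generated, so these fixes likely belong in the API schema source rather than in this JSON.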
@@ -26727,82 +26903,82 @@ "lwm2m_client": { "value": { "recv_oct": 56, - "inflight_max": "infinity", - "is_bridge": false, - "endpoint_name": "urn:imei:154928475237123", - "recv_pkt": 1, - "disconnected_at": null, + "clean_start": true, + "ip_address": "127.0.0.1", + "send_msg": 0, + "inflight_cnt": 0, "keepalive": 0, - "subscriptions_max": "infinity", - "awaiting_rel_max": "infinity", "node": "emqx@127.0.0.1", "send_cnt": 1, - "subscriptions_cnt": 0, - "created_at": "2021-12-07T10:44:02.721+08:00", + "is_bridge": false, + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "send_oct": 61, "mqueue_dropped": 0, - "mqueue_max": "infinity", - "inflight_cnt": 0, - "send_msg": 0, "send_pkt": 1, - "send_oct": 61, - "username": "guest", - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "mailbox_len": 0, + "subscriptions_max": "infinity", "heap_size": 4185, - "proto_name": "LwM2M", - "expiry_interval": 0, - "connected_at": "2021-12-07T10:44:02.721+08:00", + "lifetime": 86400, + "awaiting_rel_max": "infinity", + "created_at": "2021-12-07T10:44:02.721+08:00", + "endpoint_name": "urn:imei:154928475237123", + "recv_pkt": 1, "port": 50675, + "mqueue_max": "infinity", + "awaiting_rel_cnt": 0, "mqueue_len": 0, "proto_ver": "1.0", - "lifetime": 86400, - "ip_address": "127.0.0.1", + "connected_at": "2021-12-07T10:44:02.721+08:00", + "disconnected_at": null, "recv_msg": 0, + "username": "guest", + "mailbox_len": 0, + "inflight_max": "infinity", + "expiry_interval": 0, + "proto_name": "LwM2M", + "subscriptions_cnt": 0, "connected": true, "reductions": 72022, - "recv_cnt": 1, - "awaiting_rel_cnt": 0, - "clean_start": true + "recv_cnt": 1 }, "summary": "LwM2M client info" }, "general_client": { "value": { "recv_oct": 56, - "inflight_max": "infinity", - "is_bridge": false, - "recv_pkt": 1, - "disconnected_at": null, + "clean_start": true, + "ip_address": "127.0.0.1", + "send_msg": 0, + "inflight_cnt": 0, "keepalive": 0, - "subscriptions_max": "infinity", - 
"awaiting_rel_max": "infinity", "node": "emqx@127.0.0.1", "send_cnt": 1, - "subscriptions_cnt": 0, - "created_at": "2021-12-07T10:44:02.721+08:00", + "is_bridge": false, + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "send_oct": 61, "mqueue_dropped": 0, - "mqueue_max": "infinity", - "inflight_cnt": 0, - "send_msg": 0, "send_pkt": 1, - "send_oct": 61, - "username": "guest", - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "mailbox_len": 0, + "subscriptions_max": "infinity", "heap_size": 4185, - "proto_name": "STOMP", - "expiry_interval": 0, - "connected_at": "2021-12-07T10:44:02.721+08:00", + "awaiting_rel_max": "infinity", + "created_at": "2021-12-07T10:44:02.721+08:00", + "recv_pkt": 1, "port": 50675, + "mqueue_max": "infinity", + "awaiting_rel_cnt": 0, "mqueue_len": 0, "proto_ver": "1.0", - "ip_address": "127.0.0.1", + "connected_at": "2021-12-07T10:44:02.721+08:00", + "disconnected_at": null, "recv_msg": 0, + "username": "guest", + "mailbox_len": 0, + "inflight_max": "infinity", + "expiry_interval": 0, + "proto_name": "STOMP", + "subscriptions_cnt": 0, "connected": true, "reductions": 72022, - "recv_cnt": 1, - "awaiting_rel_cnt": 0, - "clean_start": true + "recv_cnt": 1 }, "summary": "General client info" } @@ -28318,7 +28494,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -28334,6 +28509,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -28360,11 +28536,11 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -28387,8 +28563,8 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple TCP listener example" @@ -28398,7 +28574,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -28413,6 +28588,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -28430,8 +28606,8 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A TCP listener with authentication example" @@ -28463,8 +28639,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket listener example" @@ -28509,8 +28685,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" @@ -28661,7 +28837,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -28677,6 +28852,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -28703,11 +28879,11 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -28730,8 +28906,8 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple TCP listener example" @@ -28741,7 +28917,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -28756,6 +28931,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -28773,8 +28949,8 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A TCP listener with authentication example" @@ -28806,8 +28982,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket listener example" @@ -28852,8 +29028,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" @@ -28959,7 +29135,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -28975,6 +29150,7 @@ "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -29001,11 +29177,11 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -29028,8 +29204,8 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple TCP listener example" @@ -29039,7 +29215,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -29054,6 +29229,7 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -29071,8 +29247,8 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A TCP listener with authentication example" @@ -29104,8 +29280,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket listener example" @@ -29150,8 +29326,8 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, + "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" @@ -29999,8 +30175,8 @@ "rate_max": 0 }, "resource_metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -30025,8 +30201,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, 
@@ -30541,11 +30717,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -30569,8 +30745,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -30882,8 +31058,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -31147,8 +31323,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -32092,8 +32268,8 @@ "rate_max": 0 }, "resource_metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -32117,8 +32293,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -32409,12 +32585,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -32484,12 +32660,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", 
@@ -32930,8 +33106,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33158,8 +33334,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33348,8 +33524,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33610,8 +33786,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33800,8 +33976,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -34460,9 +34636,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, { @@ -34548,9 +34724,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -34636,9 +34812,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" 
@@ -35412,11 +35588,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35440,8 +35616,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -35557,11 +35733,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35585,8 +35761,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -35694,11 +35870,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35720,8 +35896,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -36189,11 +36365,11 @@ "nl": 0, "topic": "stomp/topic", "qos": 1, - "rap": 0, - "rh": 0, "sub_props": { "subid": "10" - } + }, + "rap": 0, + "rh": 0 }, "summary": "A STOMP subscription" } 
@@ -36270,11 +36446,11 @@ "nl": 0, "topic": "stomp/topic", "qos": 1, - "rap": 0, - "rh": 0, "sub_props": { "subid": "10" - } + }, + "rap": 0, + "rh": 0 }, "summary": "A STOMP subscription" } @@ -37906,8 +38082,8 @@ }, { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -38071,8 +38247,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -38262,8 +38438,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -39000,9 +39176,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -40617,8 +40793,8 @@ ], "idle_timeout": "30s", "mountpoint": "coap/", - "enable_stats": true, "connection_required": false, + "enable_stats": true, "notify_type": "qos", "publish_qos": "coap", "subscribe_qos": "coap" @@ -40709,7 +40885,7 @@ } }, "update_msg_publish_condition": "always", - "xml_dir": "/etc/emqx/lwm2m_xml" + "xml_dir": "etc/lwm2m_xml" }, "summary": "A simple LwM2M gateway config" }, @@ -40938,8 +41114,8 @@ "heartbeat": "30s", "idle_timeout": "30s", "mountpoint": "coap2/", - "enable_stats": true, "connection_required": false, + "enable_stats": true, "notify_type": "qos", "publish_qos": "coap", "subscribe_qos": "coap" 
@@ -41178,9 +41354,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -41301,9 +41477,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -41391,6 +41567,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update bridge", @@ -41409,9 +41607,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -41882,8 +42080,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", 
@@ -42216,7 +42442,7 @@ { "in": "query", "name": "clientid", - "description": "Query the banned objects with an exact client ID.", + "description": "Query the banning rules with an exact client ID.", "required": false, "schema": { "type": "string" @@ -42225,7 +42451,7 @@ { "in": "query", "name": "username", - "description": "Query the banned objects with an exact username.", + "description": "Query the banning rules with an exact username.", "required": false, "schema": { "type": "string" @@ -42234,7 +42460,7 @@ { "in": "query", "name": "peerhost", - "description": "Query the banned objects with an exact IP address.", + "description": "Query the banning rules with an exact IP address.", "required": false, "schema": { "type": "string" @@ -42244,7 +42470,7 @@ { "in": "query", "name": "like_clientid", - "description": "Fuzzy query banned objects with a regular expression for client ID.", + "description": "Fuzzy query banning rules with a regular expression for client ID.", "required": false, "schema": { "type": "string" @@ -42253,7 +42479,7 @@ { "in": "query", "name": "like_username", - "description": "Fuzzy query banned objects with a regular expression for username.", + "description": "Fuzzy query banning rules with a regular expression for username.", "required": false, "schema": { "type": "string" @@ -42262,7 +42488,7 @@ { "in": "query", "name": "like_peerhost", - "description": "Fuzzy query banned objects with a regular expression for IP address.", + "description": "Fuzzy query banning rules with a regular expression for IP address.", "required": false, "schema": { "type": "string" @@ -42272,7 +42498,7 @@ { "in": "query", "name": "like_peerhost_net", - "description": "Fuzzy query banned objects with a regular expression for CIDR.", + "description": "Fuzzy query banning rules with a regular expression for CIDR.", "required": false, "schema": { "type": "string" 
@@ -45436,12 +45662,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -45532,12 +45758,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -45629,12 +45855,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -46571,8 +46797,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -47692,11 +47946,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" 
@@ -47717,8 +47971,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -47802,11 +48056,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -47830,8 +48084,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -47919,11 +48173,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -47947,8 +48201,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { diff --git a/redocly/ce-zh.json b/redocly/ce-zh.json index c95342388..7fe947180 100644 --- a/redocly/ce-zh.json +++ b/redocly/ce-zh.json @@ -1,6 +1,6 @@ { "info": { - "version": "5.8.1", + "version": "5.8.2", "title": "EMQX API" }, "components": { @@ -627,7 +627,7 @@ "hash_topic", "hash_clientid" ], - "description": "The strategy to use for the initial subscriber pick when shared_subscription_strategy is `sticky`.
- `random`: Randomly select the subscriber;
- `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;
- `hash_clientid`: Hash the publisher's client ID to select a subscriber;
- `hash_topic`: Hash the publishing topic to select a subscriber." + "description": "当 shared_subscription_strategy 为 `sticky` 时,初始订阅者选择的策略。
- `random`: 随机选择订阅者;
- `local`: 随机选择当前节点上的订阅者,如果当前节点上没有订阅者,则在集群中随机选择;
- `hash_clientid`: 根据发布者的客户端 ID 进行哈希,选择订阅者;
- `hash_topic`: 根据发布的主题进行哈希,选择订阅者。" }, "exclusive_subscription": { "default": false, @@ -5009,6 +5009,12 @@ "format": "password", "description": "包含用户密码的字符串。仅在私钥文件受密码保护时使用。", "example": "" + }, + "hibernate_after": { + "default": "5s", + "type": "string", + "description": "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。

当有新消息到达时,休眠的进程将被唤醒。
过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。", + "example": "12m" } }, "type": "object" @@ -8215,7 +8221,7 @@ }, "actions.discarded": { "type": "integer", - "description": "The number of discarded actions due to action being disabled or race condition while action is being deleted.", + "description": "由于动作被停用或在动作被删除时发生竞态条件而导致丢弃的动作次数。", "minimum": 0 } }, @@ -10741,6 +10747,27 @@ "description": "消息保留时间。0 代表永久保留", "example": "32s" }, + "msg_expiry_interval_override": { + "default": "disabled", + "description": "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "oneOf": [ + { + "type": "string", + "example": "32s" + }, + { + "type": "string", + "enum": [ + "disabled" + ] + } + ] + }, + "allow_never_expire": { + "default": true, + "type": "boolean", + "description": "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set." + }, "msg_clear_interval": { "default": "0s", "type": "string", @@ -12741,6 +12768,25 @@ }, "type": "object" }, + "emqx_mgmt_api_data_backup.export_request_body": { + "properties": { + "table_sets": { + "type": "array", + "description": "Sets of tables to export. Exports all if omitted. Valid values:

- api_keys
- banned
- builtin_authn
- builtin_authz
- builtin_retainer
- dashboard_users
- psk
", + "items": { + "type": "string" + } + }, + "root_keys": { + "type": "array", + "description": "Sets of root configuration keys to export. Exports all if omitted.", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, "emqx_authn_api.response_user": { "required": [ "user_id" @@ -16968,7 +17014,7 @@ }, "actions.discarded": { "type": "integer", - "description": "The number of discarded actions due to action being disabled or race condition while action is being deleted.", + "description": "由于动作被停用或在动作被删除时发生竞态条件而导致丢弃的动作次数。", "minimum": 0 } }, @@ -18538,11 +18584,13 @@ "idle_poll_interval": { "default": "10s", "type": "string", + "description": "Expiry interval for poll requests sent by durable sessions to the storage.", "example": "12m" }, "heartbeat_interval": { "default": "5000ms", "type": "string", + "description": "Durable sessions back up their state on disc every heartbeat interval.

Heartbeat interval is also taken into account during garbage collection of expired sessions.
It is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.", "example": "12m" }, "session_gc_interval": { @@ -18560,6 +18608,7 @@ "message_retention_period": { "default": "1d", "type": "string", + "description": "Broker keeps messages sent to the durable sessions for this period of time.", "example": "12m" } }, @@ -20338,11 +20387,20 @@ { "in": "query", "name": "aggregate", - "description": "Whether to aggregate all nodes Metrics", + "description": "Whether to aggregate all nodes Metrics. Default value is 'true'.", "required": false, "schema": { "type": "boolean" } + }, + { + "in": "query", + "name": "node", + "description": "Specify which specific node to fetch data from. If not provided, return values for all nodes. This parameter only works when 'aggregate' is 'false'.", + "required": false, + "schema": { + "type": "string" + } } ], "responses": { @@ -20684,8 +20742,36 @@ } ], "responses": { - "204": { - "description": "Users imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", 
@@ -21973,11 +22059,11 @@ "example": { "collectors": { "mnesia": "disabled", - "vm_dist": "disabled", - "vm_memory": "disabled", "vm_msacc": "disabled", + "vm_memory": "disabled", + "vm_system_info": "disabled", "vm_statistics": "disabled", - "vm_system_info": "disabled" + "vm_dist": "disabled" }, "enable_basic_auth": false, "push_gateway": { @@ -22019,11 +22105,11 @@ "example": { "collectors": { "mnesia": "disabled", - "vm_dist": "disabled", - "vm_memory": "disabled", "vm_msacc": "disabled", + "vm_memory": "disabled", + "vm_system_info": "disabled", "vm_statistics": "disabled", - "vm_system_info": "disabled" + "vm_dist": "disabled" }, "enable_basic_auth": false, "push_gateway": { @@ -22050,11 +22136,11 @@ "value": { "collectors": { "mnesia": "disabled", - "vm_dist": "disabled", - "vm_memory": "disabled", "vm_msacc": "disabled", + "vm_memory": "disabled", + "vm_system_info": "disabled", "vm_statistics": "disabled", - "vm_system_info": "disabled" + "vm_dist": "disabled" }, "enable_basic_auth": false, "push_gateway": { @@ -22077,12 +22163,12 @@ }, "push_gateway_server": "http://127.0.0.1:9091", "job_name": "${name}/instance/${name}~${host}", - "mnesia_collector": "disabled", - "vm_dist_collector": "disabled", - "vm_memory_collector": "disabled", "vm_msacc_collector": "disabled", + "vm_memory_collector": "disabled", + "vm_system_info_collector": "disabled", "vm_statistics_collector": "disabled", - "vm_system_info_collector": "disabled" + "mnesia_collector": "disabled", + "vm_dist_collector": "disabled" }, "summary": "legacy_deprecated_setting" } @@ -22287,8 +22373,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 
@@ -22318,8 +22404,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -22525,8 +22611,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -22556,8 +22642,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -22715,8 +22801,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -22746,8 +22832,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -22997,8 +23083,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -23028,8 +23114,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -23187,8 +23273,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 
@@ -23218,8 +23304,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -23377,7 +23463,6 @@ } } ], - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -23393,7 +23478,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "ssl-def", @@ -23431,12 +23517,12 @@ } } ], - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "tcp-def", @@ -23470,9 +23556,9 @@ } } ], - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "ws-def", @@ -23515,9 +23601,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "ws-ssl-def", @@ -23573,9 +23659,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "dtls-psk", @@ -23596,7 +23682,6 @@ } } ], - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -23611,7 +23696,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, { "name": "tcp-with-authn", @@ -23640,9 +23726,9 @@ } } ], - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 } ], "schema": { 
@@ -23777,7 +23863,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -23793,7 +23878,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple DTLS listener example" }, @@ -23819,12 +23905,12 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple SSL listener example" }, @@ -23846,9 +23932,9 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple TCP listener example" }, @@ -23879,9 +23965,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket listener example" }, @@ -23925,9 +24011,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket/TLS listener example" }, @@ -23936,7 +24022,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -23951,7 +24036,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A DTLS listener with PSK example" }, 
@@ -23968,9 +24054,9 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A TCP listener with authentication example" } @@ -24075,7 +24161,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -24091,7 +24176,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple DTLS listener example" }, @@ -24117,12 +24203,12 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple SSL listener example" }, @@ -24144,9 +24230,9 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple TCP listener example" }, @@ -24177,9 +24263,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket listener example" }, @@ -24223,9 +24309,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket/TLS listener example" }, @@ -24234,7 +24320,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", 
@@ -24249,7 +24334,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A DTLS listener with PSK example" }, @@ -24266,9 +24352,9 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A TCP listener with authentication example" } @@ -26447,6 +26533,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update source", @@ -26629,6 +26737,74 @@ } } } + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Invalid table sets: bar, foo" + } + }, + "type": "object" + } + } + } + }, + "500": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Error processing export: ..." + } + }, + "type": "object" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "example": { + "root_keys": [ + "connectors", + "actions", + "sources", + "rule_engine", + "schema_registry" + ], + "table_sets": [ + "banned", + "builtin_authn", + "builtin_authn_scram", + "builtin_authz" + ] + }, + "schema": { + "$ref": "#/components/schemas/emqx_mgmt_api_data_backup.export_request_body" + } + } } }, "security": [ 
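Review bot: The `500` response added to the export operation in the `@@ -26629,6 +26737,74 @@` hunk declares `"enum": [ "BAD_REQUEST" ]` for `code`, the same value as the `400` entry just above it, so the spec labels a server-side export failure with a client-error code; it should carry whatever code the handler returns for a 500 (presumably something like `INTERNAL_ERROR`, to be confirmed). The `requestBody` example also lists `builtin_authn_scram` under `table_sets`, which is absent from the valid values given in the `emqx_mgmt_api_data_backup.export_request_body` description added by this same diff, so either that list or the example is stale. Because the selectable sets include `api_keys`, `dashboard_users` and `psk`, an `enum` on `table_sets.items` would let validators reject unknown names instead of relying on prose. The operation object starts above the hunk and continues past it.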
@@ -26727,41 +26903,41 @@ "lwm2m_client": { "value": { "recv_oct": 56, - "subscriptions_max": "infinity", + "awaiting_rel_cnt": 0, "mqueue_max": "infinity", - "mailbox_len": 0, - "send_msg": 0, - "keepalive": 0, + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "proto_name": "LwM2M", "send_pkt": 1, + "keepalive": 0, "node": "emqx@127.0.0.1", "send_cnt": 1, - "ip_address": "127.0.0.1", - "proto_ver": "1.0", + "clean_start": true, + "inflight_cnt": 0, + "is_bridge": false, "mqueue_dropped": 0, - "expiry_interval": 0, - "lifetime": 86400, + "mailbox_len": 0, "send_oct": 61, - "username": "guest", - "created_at": "2021-12-07T10:44:02.721+08:00", + "subscriptions_cnt": 0, + "disconnected_at": null, + "subscriptions_max": "infinity", "heap_size": 4185, - "proto_name": "LwM2M", - "mqueue_len": 0, + "proto_ver": "1.0", + "created_at": "2021-12-07T10:44:02.721+08:00", "port": 50675, - "awaiting_rel_max": "infinity", - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "inflight_max": "infinity", - "is_bridge": false, - "clean_start": true, - "endpoint_name": "urn:imei:154928475237123", - "disconnected_at": null, + "lifetime": 86400, + "mqueue_len": 0, "recv_msg": 0, - "awaiting_rel_cnt": 0, - "subscriptions_cnt": 0, "connected_at": "2021-12-07T10:44:02.721+08:00", + "send_msg": 0, + "recv_pkt": 1, + "awaiting_rel_max": "infinity", + "username": "guest", + "endpoint_name": "urn:imei:154928475237123", + "expiry_interval": 0, "connected": true, "reductions": 72022, - "recv_pkt": 1, - "inflight_cnt": 0, + "inflight_max": "infinity", + "ip_address": "127.0.0.1", "recv_cnt": 1 }, "summary": "LwM2M client info" 
@@ -26769,39 +26945,39 @@ "general_client": { "value": { "recv_oct": 56, - "subscriptions_max": "infinity", + "awaiting_rel_cnt": 0, "mqueue_max": "infinity", - "mailbox_len": 0, - "send_msg": 0, - "keepalive": 0, + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "proto_name": "STOMP", "send_pkt": 1, + "keepalive": 0, "node": "emqx@127.0.0.1", "send_cnt": 1, - "ip_address": "127.0.0.1", - "proto_ver": "1.0", + "clean_start": true, + "inflight_cnt": 0, + "is_bridge": false, "mqueue_dropped": 0, - "expiry_interval": 0, + "mailbox_len": 0, "send_oct": 61, - "username": "guest", - "created_at": "2021-12-07T10:44:02.721+08:00", + "subscriptions_cnt": 0, + "disconnected_at": null, + "subscriptions_max": "infinity", "heap_size": 4185, - "proto_name": "STOMP", - "mqueue_len": 0, + "proto_ver": "1.0", + "created_at": "2021-12-07T10:44:02.721+08:00", "port": 50675, - "awaiting_rel_max": "infinity", - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "inflight_max": "infinity", - "is_bridge": false, - "clean_start": true, - "disconnected_at": null, + "mqueue_len": 0, "recv_msg": 0, - "awaiting_rel_cnt": 0, - "subscriptions_cnt": 0, "connected_at": "2021-12-07T10:44:02.721+08:00", + "send_msg": 0, + "recv_pkt": 1, + "awaiting_rel_max": "infinity", + "username": "guest", + "expiry_interval": 0, "connected": true, "reductions": 72022, - "recv_pkt": 1, - "inflight_cnt": 0, + "inflight_max": "infinity", + "ip_address": "127.0.0.1", "recv_cnt": 1 }, "summary": "General client info" @@ -28318,7 +28494,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -28334,7 +28509,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple DTLS listener example" }, 
@@ -28360,12 +28536,12 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple SSL listener example" }, @@ -28387,9 +28563,9 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple TCP listener example" }, @@ -28420,9 +28596,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket listener example" }, @@ -28466,9 +28642,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket/TLS listener example" }, @@ -28477,7 +28653,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -28492,7 +28667,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A DTLS listener with PSK example" }, @@ -28509,9 +28685,9 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A TCP listener with authentication example" } @@ -28661,7 +28837,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ 
@@ -28677,7 +28852,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple DTLS listener example" }, @@ -28703,12 +28879,12 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple SSL listener example" }, @@ -28730,9 +28906,9 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple TCP listener example" }, @@ -28763,9 +28939,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket listener example" }, @@ -28809,9 +28985,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket/TLS listener example" }, @@ -28820,7 +28996,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -28835,7 +29010,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A DTLS listener with PSK example" }, @@ -28852,9 +29028,9 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A TCP listener with authentication example" } 
@@ -28959,7 +29135,6 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "dtls_options": { "verify": "verify_none", "versions": [ @@ -28975,7 +29150,8 @@ "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple DTLS listener example" }, @@ -29001,12 +29177,12 @@ "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem" }, - "acceptors": 16, "max_connections": 1024000, "access_rules": [ "allow all" ], - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple SSL listener example" }, @@ -29028,9 +29204,9 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple TCP listener example" }, @@ -29061,9 +29237,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket listener example" }, @@ -29107,9 +29283,9 @@ "check_origin_enable": false, "piggyback": "single" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A simple WebSocket/TLS listener example" }, @@ -29118,7 +29294,6 @@ "name": "dtls-psk", "type": "dtls", "bind": "22214", - "acceptors": 16, "dtls_options": { "verify": "verify_none", "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", @@ -29133,7 +29308,8 @@ "user_lookup_fun": "emqx_tls_psk:lookup" }, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A DTLS listener with PSK example" }, 
@@ -29150,9 +29326,9 @@ }, "user_id_type": "username" }, - "acceptors": 16, "max_connections": 1024000, - "max_conn_rate": 1000 + "max_conn_rate": 1000, + "acceptors": 16 }, "summary": "A TCP listener with authentication example" } @@ -30266,6 +30442,7 @@ "current_connections": 0 } ], + "max_connections": 1024000, "listeners": [ { "id": "lwm2m:udp:default", @@ -30274,7 +30451,6 @@ "type": "udp" } ], - "max_connections": 1024000, "created_at": "2021-12-08T14:41:26.171+08:00", "current_connections": 0 }, @@ -30289,6 +30465,7 @@ "current_connections": 0 } ], + "max_connections": 1024000, "listeners": [ { "id": "mqttsn:udp:default", @@ -30297,10 +30474,9 @@ "type": "udp" } ], - "max_connections": 1024000, "created_at": "2021-12-08T14:41:45.071+08:00", - "current_connections": 0, - "stopped_at": "2021-12-08T14:56:35.576+08:00" + "stopped_at": "2021-12-08T14:56:35.576+08:00", + "current_connections": 0 }, { "name": "stomp", @@ -30314,6 +30490,7 @@ "current_connections": 0 } ], + "max_connections": 1024000, "listeners": [ { "id": "stomp:tcp:default", @@ -30322,7 +30499,6 @@ "type": "tcp" } ], - "max_connections": 1024000, "created_at": "2021-12-08T14:42:15.272+08:00", "current_connections": 0 } @@ -30535,17 +30711,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -30570,8 +30746,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { 
@@ -30851,8 +31027,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -30882,8 +31058,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -31116,8 +31292,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -31147,8 +31323,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -32409,12 +32585,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -32484,12 +32660,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -32899,8 +33075,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 
@@ -32930,8 +33106,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33127,8 +33303,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -33158,8 +33334,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33317,8 +33493,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -33348,8 +33524,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33579,8 +33755,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -33610,8 +33786,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -33769,8 +33945,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 
@@ -33800,8 +33976,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -35406,17 +35582,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35441,8 +35617,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { @@ -35551,17 +35727,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35586,8 +35762,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { 
@@ -35688,17 +35864,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -35721,8 +35897,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { @@ -37881,8 +38057,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -37906,8 +38082,8 @@ }, { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -38040,8 +38216,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 @@ -38071,8 +38247,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -38231,8 +38407,8 @@ "headers": { "content-type": "application/json" }, - "url": "http://127.0.0.1:18083", "method": "post", + "url": "http://127.0.0.1:18083", "backend": "http", "request_timeout": "5s", "enable_pipelining": 100 
@@ -38262,8 +38438,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -40617,8 +40793,8 @@ ], "idle_timeout": "30s", "mountpoint": "coap/", - "connection_required": false, "enable_stats": true, + "connection_required": false, "notify_type": "qos", "publish_qos": "coap", "subscribe_qos": "coap" @@ -40709,7 +40885,7 @@ } }, "update_msg_publish_condition": "always", - "xml_dir": "/etc/emqx/lwm2m_xml" + "xml_dir": "etc/lwm2m_xml" }, "summary": "A simple LwM2M gateway config" }, @@ -40938,8 +41114,8 @@ "heartbeat": "30s", "idle_timeout": "30s", "mountpoint": "coap2/", - "connection_required": false, "enable_stats": true, + "connection_required": false, "notify_type": "qos", "publish_qos": "coap", "subscribe_qos": "coap" @@ -41391,6 +41567,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update bridge", 
@@ -41882,8 +42080,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -42216,7 +42442,7 @@ { "in": "query", "name": "clientid", - "description": "Query the banned objects with an exact client ID.", + "description": "使用精确的客户端 ID 查询封禁规则。", "required": false, "schema": { "type": "string" @@ -42225,7 +42451,7 @@ { "in": "query", "name": "username", - "description": "Query the banned objects with an exact username.", + "description": "使用精确的用户名查询封禁规则。", "required": false, "schema": { "type": "string" @@ -42234,7 +42460,7 @@ { "in": "query", "name": "peerhost", - "description": "Query the banned objects with an exact IP address.", + "description": "使用精确的 IP 地址查询封禁规则。", "required": false, "schema": { "type": "string" @@ -42244,7 +42470,7 @@ { "in": "query", "name": "like_clientid", - "description": "Fuzzy query banned objects with a regular expression for client ID.", + "description": "使用客户端 ID 正则表达式来匹配查询封禁规则。", "required": false, "schema": { "type": "string" @@ -42253,7 +42479,7 @@ { "in": "query", "name": "like_username", - "description": "Fuzzy query banned objects with a regular expression for username.", + "description": "使用用户名正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" 
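Review bot: In the new `200` response schema the `success` property has no `description`, unlike `total`, `override`, `skipped` and `failed`, so a client cannot tell whether `success` counts the overridden users too. Adding one, for example `"description": "Total number of users successfully imported."` with its relation to `override` spelled out, would close that gap, and the response-level `"description": ""` could keep a short text such as the removed `"Imported"`. Moving from `204` to `200` is also a visible contract change for callers that check the status code, so it deserves a line in the release notes. The same schema is added at `@@ -46571,8 +46797,36 @@` and, in `redocly/ee-en.json`, at `@@ -54762,8 +54886,36 @@`.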
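Review bot: The `description` values of the `clientid`, `username`, `peerhost`, `like_clientid` and `like_username` query parameters are replaced with Chinese text here, while the other descriptions added in this file's visible hunks are English. The file header is outside this chunk, so the locale cannot be confirmed, but if this is an English spec the previous strings (for example `"Query the banned objects with an exact client ID."`) should stay. The next two hunks, `@@ -42262,7 +42488,7 @@` and `@@ -42272,7 +42498,7 @@`, change `like_peerhost` and `like_peerhost_net` the same way. If the file is generated, the locale used for this part of the export is the thing to check at the source.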
@@ -42262,7 +42488,7 @@ { "in": "query", "name": "like_peerhost", - "description": "Fuzzy query banned objects with a regular expression for IP address.", + "description": "使用 IP 地址正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" @@ -42272,7 +42498,7 @@ { "in": "query", "name": "like_peerhost_net", - "description": "Fuzzy query banned objects with a regular expression for CIDR.", + "description": "使用 CIDR 正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" @@ -45436,12 +45662,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -45532,12 +45758,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -45629,12 +45855,12 @@ "backlog": 1024, "active_n": 100 }, - "acceptors": 16, - "proxy_protocol": false, "max_connections": 204800, "access_rules": [ "allow all" ], + "acceptors": 16, + "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", 
@@ -46571,8 +46797,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -47686,17 +47940,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -47718,8 +47972,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { 
@@ -47796,17 +48050,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -47831,8 +48085,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { @@ -47913,17 +48167,17 @@ "pool_size": 4, "enable": true, "body": "${payload}", - "url": "http://localhost:9901/messages/${topic}", "method": "post", + "url": "http://localhost:9901/messages/${topic}", "max_retries": 3, "request_timeout": "15s", "pool_type": "random", "resource_opts": { "worker_pool_size": 1, "query_mode": "async", + "health_check_interval": 15000, "max_buffer_bytes": 104857600, - "inflight_window": 100, - "health_check_interval": 15000 + "inflight_window": 100 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -47948,8 +48202,8 @@ "max_inflight": 100, "resource_opts": { "query_mode": "sync", - "max_buffer_bytes": 104857600, - "health_check_interval": "15s" + "health_check_interval": "15s", + "max_buffer_bytes": 104857600 }, "ingress": { "local": { diff --git a/redocly/ee-en.json b/redocly/ee-en.json index 6a4fc21bd..fc52ddb89 100644 --- a/redocly/ee-en.json +++ b/redocly/ee-en.json @@ -1,6 +1,6 @@ { "info": { - "version": "5.8.1", + "version": "5.8.2", "title": "EMQX Enterprise API" }, "components": { 
@@ -2096,6 +2096,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -3696,6 +3701,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -3808,6 +3818,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -7939,6 +7954,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -11431,6 +11451,12 @@ "format": "password", "description": "String containing the user's password. Only used if the private key file is password-protected.", "example": "" + }, + "hibernate_after": { + "default": "5s", + "type": "string", + "description": "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.

The hibernating process will be woken up when a new message arrives.
Hibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.", + "example": "12m" } }, "type": "object" @@ -13732,6 +13758,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -20837,6 +20868,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.

A host entry has the following form: `Host[:Port]`.

The Datalayers default port 8361 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this Datalayers connector.", "oneOf": [ @@ -25893,6 +25929,11 @@ ], "description": "InfluxDB time precision." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -27345,6 +27386,27 @@ "description": "Expired retained messages will not be delivered again, and a setting of 0 means that retained messages will never expire.

However, if the `Message-Expiry-Interval` property is specified in the MQTT message, the value of that property prevails.", "example": "32s" }, + "msg_expiry_interval_override": { + "default": "disabled", + "description": "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "oneOf": [ + { + "type": "string", + "example": "32s" + }, + { + "type": "string", + "enum": [ + "disabled" + ] + } + ] + }, + "allow_never_expire": { + "default": true, + "type": "boolean", + "description": "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set." + }, "msg_clear_interval": { "default": "0s", "type": "string", @@ -29863,6 +29925,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.

A host entry has the following form: `Host[:Port]`.

The InfluxDB default port 8086 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this InfluxDB connector, `influxdb_type` can be one of `influxdb_api_v1`, `influxdb_api_v1`.", "oneOf": [ @@ -32700,6 +32767,25 @@ }, "type": "object" }, + "emqx_mgmt_api_data_backup.export_request_body": { + "properties": { + "table_sets": { + "type": "array", + "description": "Sets of tables to export. Exports all if omitted. Valid values:

- api_keys
- banned
- builtin_authn
- builtin_authz
- builtin_retainer
- dashboard_users
- psk
", + "items": { + "type": "string" + } + }, + "root_keys": { + "type": "array", + "description": "Sets of root configuration keys to export. Exports all if omitted.", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, "bridge_redis.get_cluster": { "required": [ "command_template", @@ -34075,6 +34161,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.
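Review bot: `table_sets` names its valid values only in the description, so the schema accepts any string; putting them on `items` as `"enum": ["api_keys", "banned", "builtin_authn", "builtin_authz", "builtin_retainer", "dashboard_users", "psk"]` lets validators and generated clients reject typos. The listed sets include `api_keys`, `dashboard_users`, `builtin_authn` and `psk`, and both fields export everything when omitted, so the resulting backup presumably holds credential material (the archive format is not visible here). It would help if the description said so and told readers to restrict access to the export. The endpoint that uses this request body is outside the hunk.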

A host entry has the following form: `Host[:Port]`.

The Datalayers default port 8361 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this Datalayers connector.", "oneOf": [ @@ -37150,10 +37241,16 @@ "type": "string", "description": "Consumer group identifier to be used for this source. If omitted, one based off the source name will be automatically generated." }, + "max_wait_time": { + "default": "1s", + "type": "string", + "description": "Maximum amount of time that is waited for the Kafka broker to send a fetch response.", + "example": "32s" + }, "max_batch_bytes": { "default": "896KB", "type": "string", - "description": "Set how many bytes to pull from Kafka in each fetch request. Please note that if the configured value is smaller than the message size in Kafka, it may negatively impact the fetch performance.", + "description": "Set how many bytes to pull from Kafka in each fetch request.
Messages are fetched in batches by the consumer, and if the first record batch in the first non-empty
partition of the fetch is larger than this value, the record batch will still be returned to ensure
that the consumer can make progress. As such, this is not an absolute maximum. Set `1` for minimal latency.", "example": "32MB" }, "offset_reset_policy": { @@ -45466,6 +45563,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.

A host entry has the following form: `Host[:Port]`.

The InfluxDB default port 8086 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this InfluxDB connector, `influxdb_type` can be one of `influxdb_api_v1`, `influxdb_api_v1`.", "oneOf": [ @@ -45823,6 +45925,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.

A host entry has the following form: `Host[:Port]`.

The InfluxDB default port 8086 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this InfluxDB connector, `influxdb_type` can be one of `influxdb_api_v1`, `influxdb_api_v1`.", "oneOf": [ @@ -47231,6 +47338,11 @@ "type": "string", "description": "The IPv4 or IPv6 address or the hostname to connect to.

A host entry has the following form: `Host[:Port]`.

The Datalayers default port 8361 is used if `[:Port]` is not specified." }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "Set of parameters specific for the given type of this Datalayers connector.", "oneOf": [ @@ -47504,7 +47616,7 @@ "site": { "type": "string", "description": "Site ID", - "example": "04685EF9289AD005" + "example": "F7073C22D3F85180" }, "status": { "type": "string", @@ -49307,7 +49419,7 @@ "enable": { "default": false, "type": "boolean", - "description": "Use durable storage for client sessions persistence.
If enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.

:::warning
This feature is currently experimental. Please don't enable it in the production environments that contain valuable data.
:::" + "description": "Use durable storage for client sessions persistence.
If enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.

:::warning
Messages sent to the durable sessions are saved on disc.
This inevitably limits the overall throughput of the system.
:::" }, "batch_size": { "default": 100, @@ -49318,11 +49430,13 @@ "idle_poll_interval": { "default": "10s", "type": "string", + "description": "Expiry interval for poll requests sent by durable sessions to the storage.", "example": "12m" }, "heartbeat_interval": { "default": "5000ms", "type": "string", + "description": "Durable sessions back up their state on disc every heartbeat interval.

Heartbeat interval is also taken into account during garbage collection of expired sessions.
It is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.", "example": "12m" }, "session_gc_interval": { @@ -49340,6 +49454,7 @@ "message_retention_period": { "default": "1d", "type": "string", + "description": "Broker keeps messages sent to the durable sessions for this period of time.", "example": "12m" } }, @@ -49616,7 +49731,7 @@ "max_batch_bytes": { "default": "896KB", "type": "string", - "description": "Set how many bytes to pull from Kafka in each fetch request. Please note that if the configured value is smaller than the message size in Kafka, it may negatively impact the fetch performance.", + "description": "Set how many bytes to pull from Kafka in each fetch request.
Messages are fetched in batches by the consumer, and if the first record batch in the first non-empty
partition of the fetch is larger than this value, the record batch will still be returned to ensure
that the consumer can make progress. As such, this is not an absolute maximum. Set `1` for minimal latency.", "example": "32MB" }, "offset_reset_policy": { @@ -54416,11 +54531,20 @@ { "in": "query", "name": "aggregate", - "description": "Whether to aggregate all nodes Metrics", + "description": "Whether to aggregate all nodes Metrics. Default value is 'true'.", "required": false, "schema": { "type": "boolean" } + }, + { + "in": "query", + "name": "node", + "description": "Specify which specific node to fetch data from. If not provided, return values for all nodes. This parameter only works when 'aggregate' is 'false'.", + "required": false, + "schema": { + "type": "string" + } } ], "responses": { @@ -54762,8 +54886,36 @@ } ], "responses": { - "204": { - "description": "Users imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -55618,14 +55770,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, 
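Review bot: The `aggregate` description in `@@ -54416,11 +54531,20 @@` now states that the default is 'true', but the parameter's `schema` still carries only `"type": "boolean"`, so tooling that reads the spec never sees that default; add `"default": true` to that schema. The new `node` parameter is documented as effective only when `aggregate` is 'false'. Its description could also say what happens when `node` is sent while aggregation is on (ignored or rejected), which the hunk does not show.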
@@ -55645,14 +55797,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } } @@ -55712,14 +55864,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, @@ -55799,14 +55951,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, @@ -55857,14 +56009,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, @@ -55922,14 +56074,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, @@ -55994,8 +56146,8 @@ "test": { "value": { "message": { - "retain": true, "user_property": {}, + "retain": true, "payload": "{}", "client_attrs": {}, "topic": "t/u/v", @@ -56017,14 +56169,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } } 
@@ -57156,12 +57308,12 @@ "examples": { "evacuation": { "wait_takeover": "10s", + "wait_health_check": "10s", "sess_evict_rate": 100, - "conn_evict_rate": 100, "migrate_to": [ "othernode@127.0.0.1" ], - "wait_health_check": "10s", + "conn_evict_rate": 100, "redirect_to": "othernode:1883" } }, @@ -57296,8 +57448,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -57546,8 +57698,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -57745,8 +57897,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58042,8 +58194,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58241,8 +58393,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58413,6 +58565,7 @@ } } ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -58427,7 +58580,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, { 
@@ -58467,10 +58619,10 @@ } } ], + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, { @@ -58510,57 +58662,26 @@ "max_conn_rate": 1000 }, { - "name": "dtls-psk", - "status": { - "running": true, - "max_connections": 1024000, - "current_connections": 10 - }, - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "node_status": [ - { - "node": "emqx@127.0.0.1", - "status": { - "running": true, - "max_connections": 1024000, - "current_connections": 10 - } - } - ], - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - { - "name": "tcp-with-authn", + "name": "ws-def", "status": { "running": true, "max_connections": 1024000, "current_connections": 10 }, - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" + "type": "ws", + "bind": "33043", + "tcp_options": { + "buffer": "10KB", + "high_watermark": "1MB", + "keepalive": "none", + "nodelay": false, + "recbuf": "10KB", + "reuseaddr": true, + "send_timeout": "15s", + "send_timeout_close": true, + "sndbuf": "10KB", + "backlog": 1024, + "active_n": 100 }, "max_connections": 1024000, "node_status": [ 
@@ -58573,18 +58694,27 @@ } } ], + "websocket": { + "path": "/ocpp", + "compress": false, + "fail_if_no_subprotocol": true, + "supported_subprotocols": "ocpp1.6", + "check_origins": "http://localhost:18083, http://127.0.0.1:18083", + "check_origin_enable": false, + "piggyback": "single" + }, "acceptors": 16, "max_conn_rate": 1000 }, { - "name": "ws-def", + "name": "ws-ssl-def", "status": { "running": true, "max_connections": 1024000, "current_connections": 10 }, - "type": "ws", - "bind": "33043", + "type": "wss", + "bind": "33053", "tcp_options": { "buffer": "10KB", "high_watermark": "1MB", @@ -58599,6 +58729,19 @@ "active_n": 100 }, "max_connections": 1024000, + "ssl_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "versions": [ + "tlsv1.3", + "tlsv1.2", + "tlsv1.1", + "tlsv1" + ], + "fail_if_no_peer_cert": false + }, "node_status": [ { "node": "emqx@127.0.0.1", 
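Review bot: The `ssl_options.versions` list placed on the `ws-ssl-def` listener example in `@@ -58599,6 +58729,19 @@` still enables `tlsv1.1` and `tlsv1`, both deprecated by RFC 8996, and API examples tend to be copied into real listener configurations. The example would be safer as `"versions": ["tlsv1.3", "tlsv1.2"]`. The `dtls-psk` example in the next hunk (`@@ -58622,41 +58765,59 @@`) has the same issue with `dtlsv1` next to `dtlsv1.2`. These lines are moved rather than newly written, so if this spec is generated the change belongs in the source the examples come from.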
@@ -58622,41 +58765,59 @@ "max_conn_rate": 1000 }, { - "name": "ws-ssl-def", + "name": "dtls-psk", "status": { "running": true, "max_connections": 1024000, "current_connections": 10 }, - "type": "wss", - "bind": "33053", - "tcp_options": { - "buffer": "10KB", - "high_watermark": "1MB", - "keepalive": "none", - "nodelay": false, - "recbuf": "10KB", - "reuseaddr": true, - "send_timeout": "15s", - "send_timeout_close": true, - "sndbuf": "10KB", - "backlog": 1024, - "active_n": 100 - }, + "type": "dtls", + "bind": "22214", "max_connections": 1024000, - "ssl_options": { + "node_status": [ + { + "node": "emqx@127.0.0.1", + "status": { + "running": true, + "max_connections": 1024000, + "current_connections": 10 + } + } + ], + "acceptors": 16, + "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", "versions": [ - "tlsv1.3", - "tlsv1.2", - "tlsv1.1", - "tlsv1" + "dtlsv1.2", + "dtlsv1" ], - "fail_if_no_peer_cert": false + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + { + "name": "tcp-with-authn", + "status": { + "running": true, + "max_connections": 1024000, + "current_connections": 10 + }, + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" }, + "max_connections": 1024000, "node_status": [ { "node": "emqx@127.0.0.1", 
@@ -58667,15 +58828,6 @@ } } ], - "websocket": { - "path": "/ocpp", - "compress": false, - "fail_if_no_subprotocol": true, - "supported_subprotocols": "ocpp1.6", - "check_origins": "http://localhost:18083, http://127.0.0.1:18083", - "check_origin_enable": false, - "piggyback": "single" - }, "acceptors": 16, "max_conn_rate": 1000 } @@ -58816,6 +58968,7 @@ "active_n": 100 }, "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -58830,7 +58983,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -58858,10 +59010,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -58890,49 +59042,6 @@ }, "summary": "A simple TCP listener example" }, - "dtls_listener_with_psk_ciphers": { - "value": { - "name": "dtls-psk", - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A DTLS listener with PSK example" - }, - "lisetner_with_authn": { - "value": { - "name": "tcp-with-authn", - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" - }, - "max_connections": 1024000, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A TCP listener with authentication example" - }, "ws_listener": { "value": { "name": "ws-def", 
@@ -59011,6 +59120,49 @@ "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" + }, + "dtls_listener_with_psk_ciphers": { + "value": { + "name": "dtls-psk", + "type": "dtls", + "bind": "22214", + "max_connections": 1024000, + "acceptors": 16, + "dtls_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", + "versions": [ + "dtlsv1.2", + "dtlsv1" + ], + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + "summary": "A DTLS listener with PSK example" + }, + "lisetner_with_authn": { + "value": { + "name": "tcp-with-authn", + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" + }, + "max_connections": 1024000, + "acceptors": 16, + "max_conn_rate": 1000 + }, + "summary": "A TCP listener with authentication example" } }, "schema": { @@ -59114,6 +59266,7 @@ "active_n": 100 }, "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -59128,7 +59281,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -59156,10 +59308,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
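Review bot: The example key `lisetner_with_authn` re-added in the hunk at -59011 is misspelled; since the block is being moved anyway, it could become `listener_with_authn`. The same key is re-added in the hunks at -59309, -68556, -68902 and -69200. Its `password_hash_algorithm` is `{"name": "sha256"}`, a fast general-purpose hash that is a weak model for a password store; a deliberately slow algorithm such as `"name": "bcrypt"` would be a better example, assuming the built-in database backend accepts it in this position. If the spec is generated, both changes belong in the source that emits these examples.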
@@ -59188,49 +59340,6 @@ }, "summary": "A simple TCP listener example" }, - "dtls_listener_with_psk_ciphers": { - "value": { - "name": "dtls-psk", - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A DTLS listener with PSK example" - }, - "lisetner_with_authn": { - "value": { - "name": "tcp-with-authn", - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" - }, - "max_connections": 1024000, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A TCP listener with authentication example" - }, "ws_listener": { "value": { "name": "ws-def", 
@@ -59309,6 +59418,49 @@ "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" + }, + "dtls_listener_with_psk_ciphers": { + "value": { + "name": "dtls-psk", + "type": "dtls", + "bind": "22214", + "max_connections": 1024000, + "acceptors": 16, + "dtls_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", + "versions": [ + "dtlsv1.2", + "dtlsv1" + ], + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + "summary": "A DTLS listener with PSK example" + }, + "lisetner_with_authn": { + "value": { + "name": "tcp-with-authn", + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" + }, + "max_connections": 1024000, + "acceptors": 16, + "max_conn_rate": 1000 + }, + "summary": "A TCP listener with authentication example" } }, "schema": { @@ -59725,6 +59877,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -59832,6 +59985,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -59914,8 +60068,8 @@ "type": "syskeeper_proxy", "listen": "127.0.0.1:9092", "enable": true, - "handshake_timeout": "16s", - "acceptors": 16 + "acceptors": 16, + "handshake_timeout": "16s" }, "summary": "Syskeeper Proxy Connector" }, 
@@ -60193,6 +60347,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -60255,6 +60410,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -60266,8 +60422,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, @@ -60435,6 +60590,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -60446,8 +60602,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, @@ -63010,6 +63165,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update source", 
@@ -63243,6 +63420,74 @@ } } } + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Invalid table sets: bar, foo" + } + }, + "type": "object" + } + } + } + }, + "500": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Error processing export: ..." + } + }, + "type": "object" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "example": { + "root_keys": [ + "connectors", + "actions", + "sources", + "rule_engine", + "schema_registry" + ], + "table_sets": [ + "banned", + "builtin_authn", + "builtin_authn_scram", + "builtin_authz" + ] + }, + "schema": { + "$ref": "#/components/schemas/emqx_mgmt_api_data_backup.export_request_body" + } + } } }, "security": [ @@ -63271,8 +63516,8 @@ "types": { "value": [ "rabbitmq", - "gcp_pubsub_consumer", "kafka_consumer", + "gcp_pubsub_consumer", "mqtt" ], "summary": "Source types" @@ -63284,8 +63529,8 @@ "type": "string", "enum": [ "rabbitmq", - "gcp_pubsub_consumer", "kafka_consumer", + "gcp_pubsub_consumer", "mqtt" ] } 
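Review bot: The new `500` response in the hunk at -63243 declares `"enum": ["BAD_REQUEST"]` for `code`, the same value as the `400` response added just above it, although its message is `Error processing export: ...`. A client or alerting rule that switches on `code` cannot tell a malformed export request from a server-side failure. The 500 schema should name the code the server actually returns for that status, for example `"enum": ["INTERNAL_ERROR"]` if that is what the handler emits. Both new responses also carry an empty `"description": ""`, where a one-line description per status would help readers of the spec. If the file is generated, the fix belongs in the handler's schema definition.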
@@ -63458,82 +63703,82 @@ "lwm2m_client": { "value": { "recv_oct": 56, - "awaiting_rel_cnt": 0, - "ip_address": "127.0.0.1", - "is_bridge": false, - "send_msg": 0, - "send_pkt": 1, - "lifetime": 86400, + "subscriptions_max": "infinity", + "awaiting_rel_max": "infinity", "keepalive": 0, + "mqueue_len": 0, "node": "emqx@127.0.0.1", "send_cnt": 1, - "mailbox_len": 0, - "recv_msg": 0, - "username": "guest", - "awaiting_rel_max": "infinity", - "proto_ver": "1.0", - "connected_at": "2021-12-07T10:44:02.721+08:00", + "awaiting_rel_cnt": 0, + "mqueue_max": "infinity", + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "disconnected_at": null, + "send_pkt": 1, + "created_at": "2021-12-07T10:44:02.721+08:00", "send_oct": 61, + "ip_address": "127.0.0.1", + "send_msg": 0, "heap_size": 4185, - "subscriptions_max": "infinity", + "inflight_cnt": 0, "port": 50675, + "mqueue_dropped": 0, + "endpoint_name": "urn:imei:154928475237123", + "proto_ver": "1.0", + "expiry_interval": 0, "inflight_max": "infinity", "subscriptions_cnt": 0, - "mqueue_max": "infinity", + "recv_msg": 0, + "is_bridge": false, + "username": "guest", + "mailbox_len": 0, "recv_pkt": 1, - "proto_name": "LwM2M", - "mqueue_len": 0, - "clean_start": true, - "endpoint_name": "urn:imei:154928475237123", - "mqueue_dropped": 0, - "created_at": "2021-12-07T10:44:02.721+08:00", - "inflight_cnt": 0, - "expiry_interval": 0, + "connected_at": "2021-12-07T10:44:02.721+08:00", "connected": true, "reductions": 72022, - "disconnected_at": null, "recv_cnt": 1, - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE" + "proto_name": "LwM2M", + "clean_start": true, + "lifetime": 86400 }, "summary": "LwM2M client info" }, "general_client": { "value": { "recv_oct": 56, - "awaiting_rel_cnt": 0, - "ip_address": "127.0.0.1", - "is_bridge": false, - "send_msg": 0, - "send_pkt": 1, + "subscriptions_max": "infinity", + "awaiting_rel_max": "infinity", "keepalive": 0, + "mqueue_len": 0, "node": "emqx@127.0.0.1", 
"send_cnt": 1, - "mailbox_len": 0, - "recv_msg": 0, - "username": "guest", - "awaiting_rel_max": "infinity", - "proto_ver": "1.0", - "connected_at": "2021-12-07T10:44:02.721+08:00", + "awaiting_rel_cnt": 0, + "mqueue_max": "infinity", + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "disconnected_at": null, + "send_pkt": 1, + "created_at": "2021-12-07T10:44:02.721+08:00", "send_oct": 61, + "ip_address": "127.0.0.1", + "send_msg": 0, "heap_size": 4185, - "subscriptions_max": "infinity", + "inflight_cnt": 0, "port": 50675, + "mqueue_dropped": 0, + "proto_ver": "1.0", + "expiry_interval": 0, "inflight_max": "infinity", "subscriptions_cnt": 0, - "mqueue_max": "infinity", + "recv_msg": 0, + "is_bridge": false, + "username": "guest", + "mailbox_len": 0, "recv_pkt": 1, - "proto_name": "STOMP", - "mqueue_len": 0, - "clean_start": true, - "mqueue_dropped": 0, - "created_at": "2021-12-07T10:44:02.721+08:00", - "inflight_cnt": 0, - "expiry_interval": 0, + "connected_at": "2021-12-07T10:44:02.721+08:00", "connected": true, "reductions": 72022, - "disconnected_at": null, "recv_cnt": 1, - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE" + "proto_name": "STOMP", + "clean_start": true }, "summary": "General client info" } @@ -64464,6 +64709,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -64613,6 +64859,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -64741,8 +64988,8 @@ "status": "connected" } ], - "handshake_timeout": "16s", "acceptors": 16, + "handshake_timeout": "16s", "actions": [ "my_action" ] @@ -65159,6 +65406,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { 
@@ -65255,6 +65503,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -65266,8 +65515,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, @@ -65527,6 +65775,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -65538,8 +65787,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, @@ -65797,6 +66045,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -65946,6 +66195,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -66074,8 +66324,8 @@ "status": "connected" } ], - "handshake_timeout": "16s", "acceptors": 16, + "handshake_timeout": "16s", "actions": [ "my_action" ] @@ -66492,6 +66742,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -66588,6 +66839,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -66599,8 +66851,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, 
@@ -66860,6 +67111,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -66871,8 +67123,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, @@ -67121,6 +67372,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -67211,6 +67463,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -67276,8 +67529,8 @@ "value": { "listen": "127.0.0.1:9092", "enable": true, - "handshake_timeout": "16s", - "acceptors": 16 + "acceptors": 16, + "handshake_timeout": "16s" }, "summary": "Syskeeper Proxy Connector" }, @@ -67531,6 +67784,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -67587,6 +67841,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -67598,8 +67853,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, @@ -67751,6 +68005,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -67762,8 +68017,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, 
@@ -68361,6 +68615,7 @@ "active_n": 100 }, "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -68375,7 +68630,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -68403,10 +68657,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -68435,49 +68689,6 @@ }, "summary": "A simple TCP listener example" }, - "dtls_listener_with_psk_ciphers": { - "value": { - "name": "dtls-psk", - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A DTLS listener with PSK example" - }, - "lisetner_with_authn": { - "value": { - "name": "tcp-with-authn", - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" - }, - "max_connections": 1024000, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A TCP listener with authentication example" - }, "ws_listener": { "value": { "name": "ws-def", 
@@ -68556,6 +68767,49 @@ "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" + }, + "dtls_listener_with_psk_ciphers": { + "value": { + "name": "dtls-psk", + "type": "dtls", + "bind": "22214", + "max_connections": 1024000, + "acceptors": 16, + "dtls_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", + "versions": [ + "dtlsv1.2", + "dtlsv1" + ], + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + "summary": "A DTLS listener with PSK example" + }, + "lisetner_with_authn": { + "value": { + "name": "tcp-with-authn", + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" + }, + "max_connections": 1024000, + "acceptors": 16, + "max_conn_rate": 1000 + }, + "summary": "A TCP listener with authentication example" } }, "schema": { @@ -68707,6 +68961,7 @@ "active_n": 100 }, "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -68721,7 +68976,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -68749,10 +69003,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -68781,49 +69035,6 @@ }, "summary": "A simple TCP listener example" }, - "dtls_listener_with_psk_ciphers": { - "value": { - "name": "dtls-psk", - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A DTLS listener with PSK example" - }, - "lisetner_with_authn": { - "value": { - "name": "tcp-with-authn", - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" - }, - "max_connections": 1024000, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A TCP listener with authentication example" - }, "ws_listener": { "value": { "name": "ws-def", 
@@ -68902,6 +69113,49 @@ "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" + }, + "dtls_listener_with_psk_ciphers": { + "value": { + "name": "dtls-psk", + "type": "dtls", + "bind": "22214", + "max_connections": 1024000, + "acceptors": 16, + "dtls_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", + "versions": [ + "dtlsv1.2", + "dtlsv1" + ], + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + "summary": "A DTLS listener with PSK example" + }, + "lisetner_with_authn": { + "value": { + "name": "tcp-with-authn", + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" + }, + "max_connections": 1024000, + "acceptors": 16, + "max_conn_rate": 1000 + }, + "summary": "A TCP listener with authentication example" } }, "schema": { @@ -69005,6 +69259,7 @@ "active_n": 100 }, "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -69019,7 +69274,6 @@ "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -69047,10 +69301,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" 
@@ -69079,49 +69333,6 @@ }, "summary": "A simple TCP listener example" }, - "dtls_listener_with_psk_ciphers": { - "value": { - "name": "dtls-psk", - "type": "dtls", - "bind": "22214", - "max_connections": 1024000, - "dtls_options": { - "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", - "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", - "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", - "verify": "verify_none", - "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", - "versions": [ - "dtlsv1.2", - "dtlsv1" - ], - "fail_if_no_peer_cert": false, - "user_lookup_fun": "emqx_tls_psk:lookup" - }, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A DTLS listener with PSK example" - }, - "lisetner_with_authn": { - "value": { - "name": "tcp-with-authn", - "type": "tcp", - "bind": "22215", - "authentication": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256" - }, - "user_id_type": "username" - }, - "max_connections": 1024000, - "acceptors": 16, - "max_conn_rate": 1000 - }, - "summary": "A TCP listener with authentication example" - }, "ws_listener": { "value": { "name": "ws-def", 
@@ -69200,6 +69411,49 @@ "max_conn_rate": 1000 }, "summary": "A simple WebSocket/TLS listener example" + }, + "dtls_listener_with_psk_ciphers": { + "value": { + "name": "dtls-psk", + "type": "dtls", + "bind": "22214", + "max_connections": 1024000, + "acceptors": 16, + "dtls_options": { + "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", + "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", + "keyfile": "${EMQX_ETC_DIR}/certs/key.pem", + "verify": "verify_none", + "ciphers": "RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA", + "versions": [ + "dtlsv1.2", + "dtlsv1" + ], + "fail_if_no_peer_cert": false, + "user_lookup_fun": "emqx_tls_psk:lookup" + }, + "max_conn_rate": 1000 + }, + "summary": "A DTLS listener with PSK example" + }, + "lisetner_with_authn": { + "value": { + "name": "tcp-with-authn", + "type": "tcp", + "bind": "22215", + "authentication": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256" + }, + "user_id_type": "username" + }, + "max_connections": 1024000, + "acceptors": 16, + "max_conn_rate": 1000 + }, + "summary": "A TCP listener with authentication example" } }, "schema": { @@ -70050,8 +70304,8 @@ } ], "resource_metrics": { - "success": 0, "matched": 0, + "success": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -70076,8 +70330,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "success": 0, "matched": 0, + "success": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -70616,8 +70870,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, 
@@ -70643,17 +70897,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -70664,8 +70917,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -70698,7 +70952,6 @@ "sndbuf": "1024KB", "tcp_keepalive": "none" }, - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -70707,9 +70960,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -70717,9 +70970,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -70730,10 +70981,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -70817,9 +71071,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -70864,9 +71118,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -70882,9 +71136,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -70912,9 +71166,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -70940,9 +71194,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -70965,9 +71219,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -70989,9 +71243,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -71046,9 +71300,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -71105,9 +71359,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -71128,8 +71382,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -71160,7 +71414,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -71172,7 +71425,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -71219,8 +71473,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -71262,9 +71516,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -71315,18 +71569,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -71349,9 +71603,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -71372,9 +71626,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -71436,9 +71690,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -71459,9 +71713,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -71918,8 +72172,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
@@ -72198,8 +72452,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -73457,8 +73711,8 @@ } ], "resource_metrics": { - "success": 0, "matched": 0, + "success": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -73482,8 +73736,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "success": 0, "matched": 0, + "success": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -73994,12 +74248,12 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], "proxy_protocol_timeout": "3s", - "acceptors": 16, - "proxy_protocol": false, "zone": "default", "mountpoint": "/", "current_connections": 10240 @@ -74069,12 +74323,12 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], "proxy_protocol_timeout": "3s", - "acceptors": 16, - "proxy_protocol": false, "zone": "default", "mountpoint": "/", "current_connections": 10240 
@@ -74683,248 +74937,248 @@ "password_based:redis": { "value": { "mechanism": "password_based", + "cmd": "HMGET ${username} password_hash salt", "server": "127.0.0.1:6379", + "database": 0, + "backend": "redis", + "password_hash_algorithm": { + "name": "sha256", + "salt_position": "suffix" + }, + "redis_type": "single" + }, + "summary": "password_based authentication with Redis backend" + } + }, + "schema": { + "oneOf": [ + { + "$ref": "#/components/schemas/authn.cinfo" + }, + { + "$ref": "#/components/schemas/authn.kerberos" + }, + { + "$ref": "#/components/schemas/authn.gcp_device" + }, + { + "$ref": "#/components/schemas/authn.ldap_deprecated" + }, + { + "$ref": "#/components/schemas/authn.ldap" + }, + { + "$ref": "#/components/schemas/authn.jwt_jwks" + }, + { + "$ref": "#/components/schemas/authn.jwt_public_key" + }, + { + "$ref": "#/components/schemas/authn.jwt_hmac" + }, + { + "$ref": "#/components/schemas/authn.http_post" + }, + { + "$ref": "#/components/schemas/authn.http_get" + }, + { + "$ref": "#/components/schemas/authn.redis_sentinel" + }, + { + "$ref": "#/components/schemas/authn.redis_cluster" + }, + { + "$ref": "#/components/schemas/authn.redis_single" + }, + { + "$ref": "#/components/schemas/authn.mongo_sharded" + }, + { + "$ref": "#/components/schemas/authn.mongo_rs" + }, + { + "$ref": "#/components/schemas/authn.mongo_single" + }, + { + "$ref": "#/components/schemas/authn.postgresql" + }, + { + "$ref": "#/components/schemas/authn.mysql" + }, + { + "$ref": "#/components/schemas/authn.builtin_db" + } + ] + } + } + } + }, + "204": { + "description": "Authenticator not initialized" + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Bad request" + } + }, + "type": "object" + } + } + } + }, + "404": { + "description": "", + "content": { + "application/json": { + "schema": { + 
"properties": { + "code": { + "type": "string", + "enum": [ + "NOT_FOUND", + "RESOURCE_NOT_FOUND" + ] + }, + "message": { + "type": "string", + "description": "Not Found" + } + }, + "type": "object" + } + } + } + } + }, + "summary": "Get authenticator configuration", + "security": [ + { + "basicAuth": [] + }, + { + "bearerAuth": [] + } + ] + }, + "put": { + "description": "Update the configuration of the specified gateway authenticator, or disable the authenticator.", + "tags": [ + "Gateway Authentication" + ], + "parameters": [ + { + "in": "path", + "name": "name", + "description": "Gateway Name", + "required": true, + "schema": { + "type": "string", + "enum": [ + "coap", + "exproto", + "gbt32960", + "jt808", + "lwm2m", + "mqttsn", + "ocpp", + "stomp" + ] + }, + "example": "stomp" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "examples": { + "jwt": { + "value": { + "mechanism": "jwt", + "secret": "mysecret", + "algorithm": "hmac-based", + "secret_base64_encoded": false, + "use_jwks": false, + "verify_claims": { + "username": "${username}" + } + }, + "summary": "JWT authentication" + }, + "password_based:built_in_database": { + "value": { + "mechanism": "password_based", + "backend": "built_in_database", + "password_hash_algorithm": { + "name": "sha256", + "salt_position": "suffix" + }, + "user_id_type": "username" + }, + "summary": "Built-in password_based authentication" + }, + "password_based:http": { + "value": { + "ssl": { + "enable": false + }, + "connect_timeout": "5s", + "mechanism": "password_based", + "pool_size": 8, + "body": { + "password": "${password}", + "username": "${username}" + }, + "headers": { + "content-type": "application/json" + }, + "url": "http://127.0.0.1:18083", + "method": "post", + "backend": "http", + "request_timeout": "5s", + "enable_pipelining": 100 + }, + "summary": "password_based authentication through external HTTP API" + }, + "password_based:mongodb": { + "value": { + 
"mechanism": "password_based", + "filter": { + "username": "${username}" + }, + "server": "127.0.0.1:27017", + "database": "example", + "backend": "mongodb", + "password_hash_algorithm": { + "name": "sha256", + "salt_position": "suffix" + }, + "collection": "users", + "is_superuser_field": "is_superuser", + "password_hash_field": "password_hash", + "salt_field": "salt" + }, + "summary": "password_based authentication with MongoDB backend" + }, + "password_based:redis": { + "value": { + "mechanism": "password_based", "cmd": "HMGET ${username} password_hash salt", - "database": 0, - "backend": "redis", - "password_hash_algorithm": { - "name": "sha256", - "salt_position": "suffix" - }, - "redis_type": "single" - }, - "summary": "password_based authentication with Redis backend" - } - }, - "schema": { - "oneOf": [ - { - "$ref": "#/components/schemas/authn.cinfo" - }, - { - "$ref": "#/components/schemas/authn.kerberos" - }, - { - "$ref": "#/components/schemas/authn.gcp_device" - }, - { - "$ref": "#/components/schemas/authn.ldap_deprecated" - }, - { - "$ref": "#/components/schemas/authn.ldap" - }, - { - "$ref": "#/components/schemas/authn.jwt_jwks" - }, - { - "$ref": "#/components/schemas/authn.jwt_public_key" - }, - { - "$ref": "#/components/schemas/authn.jwt_hmac" - }, - { - "$ref": "#/components/schemas/authn.http_post" - }, - { - "$ref": "#/components/schemas/authn.http_get" - }, - { - "$ref": "#/components/schemas/authn.redis_sentinel" - }, - { - "$ref": "#/components/schemas/authn.redis_cluster" - }, - { - "$ref": "#/components/schemas/authn.redis_single" - }, - { - "$ref": "#/components/schemas/authn.mongo_sharded" - }, - { - "$ref": "#/components/schemas/authn.mongo_rs" - }, - { - "$ref": "#/components/schemas/authn.mongo_single" - }, - { - "$ref": "#/components/schemas/authn.postgresql" - }, - { - "$ref": "#/components/schemas/authn.mysql" - }, - { - "$ref": "#/components/schemas/authn.builtin_db" - } - ] - } - } - } - }, - "204": { - "description": 
"Authenticator not initialized" - }, - "400": { - "description": "", - "content": { - "application/json": { - "schema": { - "properties": { - "code": { - "type": "string", - "enum": [ - "BAD_REQUEST" - ] - }, - "message": { - "type": "string", - "description": "Bad request" - } - }, - "type": "object" - } - } - } - }, - "404": { - "description": "", - "content": { - "application/json": { - "schema": { - "properties": { - "code": { - "type": "string", - "enum": [ - "NOT_FOUND", - "RESOURCE_NOT_FOUND" - ] - }, - "message": { - "type": "string", - "description": "Not Found" - } - }, - "type": "object" - } - } - } - } - }, - "summary": "Get authenticator configuration", - "security": [ - { - "basicAuth": [] - }, - { - "bearerAuth": [] - } - ] - }, - "put": { - "description": "Update the configuration of the specified gateway authenticator, or disable the authenticator.", - "tags": [ - "Gateway Authentication" - ], - "parameters": [ - { - "in": "path", - "name": "name", - "description": "Gateway Name", - "required": true, - "schema": { - "type": "string", - "enum": [ - "coap", - "exproto", - "gbt32960", - "jt808", - "lwm2m", - "mqttsn", - "ocpp", - "stomp" - ] - }, - "example": "stomp" - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "examples": { - "jwt": { - "value": { - "mechanism": "jwt", - "secret": "mysecret", - "algorithm": "hmac-based", - "secret_base64_encoded": false, - "use_jwks": false, - "verify_claims": { - "username": "${username}" - } - }, - "summary": "JWT authentication" - }, - "password_based:built_in_database": { - "value": { - "mechanism": "password_based", - "backend": "built_in_database", - "password_hash_algorithm": { - "name": "sha256", - "salt_position": "suffix" - }, - "user_id_type": "username" - }, - "summary": "Built-in password_based authentication" - }, - "password_based:http": { - "value": { - "ssl": { - "enable": false - }, - "connect_timeout": "5s", - "mechanism": "password_based", - 
"pool_size": 8, - "body": { - "password": "${password}", - "username": "${username}" - }, - "headers": { - "content-type": "application/json" - }, - "url": "http://127.0.0.1:18083", - "method": "post", - "backend": "http", - "request_timeout": "5s", - "enable_pipelining": 100 - }, - "summary": "password_based authentication through external HTTP API" - }, - "password_based:mongodb": { - "value": { - "mechanism": "password_based", - "filter": { - "username": "${username}" - }, - "server": "127.0.0.1:27017", - "database": "example", - "backend": "mongodb", - "password_hash_algorithm": { - "name": "sha256", - "salt_position": "suffix" - }, - "collection": "users", - "is_superuser_field": "is_superuser", - "password_hash_field": "password_hash", - "salt_field": "salt" - }, - "summary": "password_based authentication with MongoDB backend" - }, - "password_based:redis": { - "value": { - "mechanism": "password_based", - "server": "127.0.0.1:6379", - "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -75122,8 +75376,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -75399,8 +75653,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -75598,8 +75852,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
@@ -76503,17 +76757,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -76524,8 +76777,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -76586,10 +76840,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -76609,9 +76863,9 @@ ], "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -76648,17 +76902,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -76669,8 +76922,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -76695,9 +76949,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -76705,9 +76959,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -76718,8 +76970,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -76932,8 +77186,8 @@ } ], "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, { @@ -77037,10 +77291,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -77204,10 +77458,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, 
@@ -77310,8 +77564,8 @@ } ], "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -77344,14 +77598,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "node_status": [ @@ -77585,17 +77839,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -77606,8 +77859,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -77674,10 +77928,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -77700,9 +77954,9 @@ ], "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, 
@@ -77745,17 +77999,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -77766,8 +78019,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -77795,9 +78049,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -77805,9 +78059,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -77818,8 +78070,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -78059,8 +78313,8 @@ } ], "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" 
@@ -78176,10 +78430,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -78364,10 +78618,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -78482,8 +78736,8 @@ } ], "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -78522,14 +78776,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "node_status": [ @@ -78765,17 +79019,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -78786,8 +79039,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", 
@@ -78836,10 +79090,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -78857,9 +79111,9 @@ "connector": "my_connector", "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -78894,17 +79148,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -78915,8 +79168,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -78937,9 +79191,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -78947,9 +79201,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -78960,8 +79212,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -79136,8 +79390,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" @@ -79227,10 +79481,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -79368,10 +79622,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -79460,8 +79714,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -79494,14 +79748,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "resource_opts": { @@ -79747,7 +80001,7 @@ "schema": { "type": "string" }, - "example": "04685EF9289AD005" + "example": "F7073C22D3F85180" } ], "responses": { @@ -79832,7 +80086,7 @@ "schema": { "type": "string" }, - "example": "04685EF9289AD005" + "example": "F7073C22D3F85180" } ], "responses": { 
@@ -80362,9 +80616,9 @@ "othernode@127.0.0.1" ], "wait_takeover": "10s", + "wait_health_check": "10s", "sess_evict_rate": 20, "conn_evict_rate": 10, - "wait_health_check": "10s", "rel_sess_threshold": 1.5, "rel_conn_threshold": 1.5, "abs_sess_threshold": 10, @@ -80791,8 +81045,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, @@ -80819,17 +81073,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -80840,8 +81093,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -80887,7 +81141,6 @@ "status": "connected" } ], - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -80896,9 +81149,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", 
@@ -80906,9 +81159,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -80919,10 +81170,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -81013,9 +81267,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81060,9 +81314,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81078,9 +81332,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -81108,9 +81362,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, 
@@ -81136,9 +81390,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -81161,9 +81415,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -81185,9 +81439,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81242,9 +81496,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -81301,9 +81555,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -81324,8 +81578,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -81356,7 +81610,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -81368,7 +81621,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, 
@@ -81415,8 +81669,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -81458,9 +81712,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -81511,18 +81765,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -81545,9 +81799,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81575,9 +81829,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81646,9 +81900,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -81676,9 +81930,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" 
@@ -81889,8 +82143,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, @@ -81917,17 +82171,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -81938,8 +82191,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -81985,7 +82239,6 @@ "status": "connected" } ], - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -81994,9 +82247,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -82004,9 +82257,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -82017,10 +82268,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -82111,9 +82365,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82158,9 +82412,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82176,9 +82430,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -82206,9 +82460,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -82234,9 +82488,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -82259,9 +82513,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -82283,9 +82537,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82340,9 +82594,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -82399,9 +82653,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -82422,8 +82676,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -82454,7 +82708,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -82466,7 +82719,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -82513,8 +82767,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -82556,9 +82810,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -82609,18 +82863,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -82643,9 +82897,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82673,9 +82927,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82744,9 +82998,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82774,9 +83028,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -82981,8 +83235,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, 
@@ -83008,17 +83262,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -83029,8 +83282,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -83061,7 +83315,6 @@ "sndbuf": "1024KB", "tcp_keepalive": "none" }, - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -83070,9 +83323,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -83080,9 +83333,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -83093,10 +83344,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -83178,9 +83432,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83223,9 +83477,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83241,9 +83495,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -83269,9 +83523,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -83297,9 +83551,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -83322,9 +83576,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -83346,9 +83600,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83403,9 +83657,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -83462,9 +83716,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -83485,8 +83739,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -83517,7 +83771,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -83529,7 +83782,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -83572,8 +83826,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -83615,9 +83869,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -83668,18 +83922,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -83702,9 +83956,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83725,9 +83979,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83787,9 +84041,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -83810,9 +84064,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -84646,14 +84900,14 @@ "key": "topic" } ], - "failure_action": "drop", "log_failure": { "level": "info" }, - "payload_encoder": { + "failure_action": "drop", + "payload_decoder": { "type": "json" }, - "payload_decoder": { + "payload_encoder": { "type": "json" } }, 
@@ -86610,8 +86864,8 @@ }, { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -86790,8 +87044,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -86996,8 +87250,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -87799,17 +88053,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -87820,8 +88073,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -87870,10 +88124,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, 
@@ -87891,9 +88145,9 @@ "connector": "my_connector", "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -87928,17 +88182,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -87949,8 +88202,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -87971,9 +88225,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -87981,9 +88235,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -87994,8 +88246,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -88170,8 +88424,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" @@ -88261,10 +88515,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -88402,10 +88656,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -88494,8 +88748,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -88528,14 +88782,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "resource_opts": { 
@@ -89909,38 +90163,38 @@ "types": { "value": [ "http", - "rocketmq", "rabbitmq", "cassandra", - "influxdb", - "greptimedb", - "azure_event_hub_producer", - "iotdb", + "rocketmq", + "kafka_producer", "pulsar", + "hstreamdb", "sqlserver", + "mongodb", + "greptimedb", "syskeeper_forwarder", - "hstreamdb", - "kafka_producer", "confluent_producer", "gcp_pubsub_producer", - "mongodb", - "kinesis", - "datalayers", + "influxdb", + "azure_event_hub_producer", + "iotdb", "s3", + "kinesis", "opents", "redis", + "datalayers", "mqtt", "timescale", - "oracle", - "clickhouse", "snowflake", + "tdengine", "couchbase", + "clickhouse", "azure_blob_storage", - "tdengine", + "oracle", "matrix", "elasticsearch", - "pgsql", "mysql", + "pgsql", "dynamo" ], "summary": "Action types" @@ -89952,38 +90206,38 @@ "type": "string", "enum": [ "http", - "rocketmq", "rabbitmq", "cassandra", - "influxdb", - "greptimedb", - "azure_event_hub_producer", - "iotdb", + "rocketmq", + "kafka_producer", "pulsar", + "hstreamdb", "sqlserver", + "mongodb", + "greptimedb", "syskeeper_forwarder", - "hstreamdb", - "kafka_producer", "confluent_producer", "gcp_pubsub_producer", - "mongodb", - "kinesis", - "datalayers", + "influxdb", + "azure_event_hub_producer", + "iotdb", "s3", + "kinesis", "opents", "redis", + "datalayers", "mqtt", "timescale", - "oracle", - "clickhouse", "snowflake", + "tdengine", "couchbase", + "clickhouse", "azure_blob_storage", - "tdengine", + "oracle", "matrix", "elasticsearch", - "pgsql", "mysql", + "pgsql", "dynamo" ] } @@ -90663,7 +90917,7 @@ "schema": { "type": "string" }, - "example": "04685EF9289AD005" + "example": "F7073C22D3F85180" } ], "responses": { @@ -91390,7 +91644,7 @@ } }, "update_msg_publish_condition": "always", - "xml_dir": "/etc/emqx/lwm2m_xml" + "xml_dir": "etc/lwm2m_xml" }, "summary": "A simple LwM2M gateway config" }, 
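Review bot: In the hunk at -91390 the LwM2M gateway example changes `xml_dir` from the absolute `/etc/emqx/lwm2m_xml` to the relative `etc/lwm2m_xml`, and nothing visible says what a relative value is resolved against. If it is resolved against the process working directory (an assumption, not shown here), the object-definition files that get loaded depend on where the broker was started and on who can write to that directory. Either keep the absolute form in the example, `"xml_dir": "/etc/emqx/lwm2m_xml"`, or state the base directory in the field's description.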
@@ -91909,17 +92163,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -91930,8 +92183,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -91998,10 +92252,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -92024,9 +92278,9 @@ ], "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -92069,17 +92323,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -92090,8 +92343,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -92119,9 +92373,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -92129,9 +92383,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -92142,8 +92394,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -92383,8 +92637,8 @@ } ], "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" @@ -92500,10 +92754,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -92688,10 +92942,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, 
@@ -92806,8 +93060,8 @@ } ], "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -92846,14 +93100,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "node_status": [ @@ -93125,17 +93379,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -93146,8 +93399,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -93214,10 +93468,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -93240,9 +93494,9 @@ ], "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, 
@@ -93285,17 +93539,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -93306,8 +93559,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -93335,9 +93589,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -93345,9 +93599,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -93358,8 +93610,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -93599,8 +93853,8 @@ } ], "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" 
@@ -93716,10 +93970,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -93904,10 +94158,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -94022,8 +94276,8 @@ } ], "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -94062,14 +94316,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "node_status": [ @@ -94288,6 +94542,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update bridge", @@ -94323,17 +94599,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -94344,8 +94619,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_confluent_producer_connector", @@ -94390,10 +94666,10 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -94409,9 +94685,9 @@ "connector": "my_connector", "resource_opts": { "worker_pool_size": 16, + "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -94442,17 +94718,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -94463,8 +94738,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_azure_event_hub_producer_connector", @@ -94483,9 +94759,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", 
@@ -94493,9 +94769,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -94506,8 +94780,10 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "connector": "my_kafka_producer_connector", @@ -94664,8 +94940,8 @@ "acl": "public_read" }, "resource_opts": { - "inflight_window": 10, - "query_mode": "sync" + "query_mode": "sync", + "inflight_window": 10 } }, "summary": "S3 Direct Upload" @@ -94747,10 +95023,10 @@ "resource_opts": { "batch_size": 10000, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -94876,10 +95152,10 @@ "resource_opts": { "batch_size": 100, "worker_pool_size": 16, + "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "query_mode": "sync", "health_check_interval": "30s" } }, @@ -94958,8 +95234,8 @@ } }, "resource_opts": { - "inflight_window": 100, "query_mode": "async", + "inflight_window": 100, "health_check_interval": "10s" } }, @@ -94988,14 +95264,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", - "pubsub_topic": "mytopic", - "ordering_key_template": "${payload.ok}", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } - ] + ], + "ordering_key_template": "${payload.ok}", + "pubsub_topic": "mytopic" }, "connector": "my_connector_name", "resource_opts": { 
@@ -95718,8 +95994,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -96120,7 +96424,7 @@ { "in": "query", "name": "clientid", - "description": "Query the banned objects with an exact client ID.", + "description": "Query the banning rules with an exact client ID.", "required": false, "schema": { "type": "string" @@ -96129,7 +96433,7 @@ { "in": "query", "name": "username", - "description": "Query the banned objects with an exact username.", + "description": "Query the banning rules with an exact username.", "required": false, "schema": { "type": "string" @@ -96138,7 +96442,7 @@ { "in": "query", "name": "peerhost", - "description": "Query the banned objects with an exact IP address.", + "description": "Query the banning rules with an exact IP address.", "required": false, "schema": { "type": "string" @@ -96148,7 +96452,7 @@ { "in": "query", "name": "like_clientid", - "description": "Fuzzy query banned objects with a regular expression for client ID.", + "description": "Fuzzy query banning rules with a regular expression for client ID.", "required": false, "schema": { "type": "string" 
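Review bot: In the hunk at `@@ -95718,8 +95994,36 @@`, the import response moves from `204` to `200` with per-outcome counters, but the response-level text goes from `"Imported"` to `""` and `success` is the only counter without a description. Because the body carries a `failed` count, a 200 presumably no longer means every user in the file was imported, which matters to automation that previously keyed on the status code alone. I would set the response text to `"description": "Import finished; a non-zero failed count means some users were not imported"` and give `success` the text `"description": "Total number of users successfully imported."`. The same block is added again in the hunk at `@@ -105440,8 +105753,36 @@`; if this spec is generated, the wording belongs in the server-side schema it is built from.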
@@ -96157,7 +96461,7 @@ { "in": "query", "name": "like_username", - "description": "Fuzzy query banned objects with a regular expression for username.", + "description": "Fuzzy query banning rules with a regular expression for username.", "required": false, "schema": { "type": "string" @@ -96166,7 +96470,7 @@ { "in": "query", "name": "like_peerhost", - "description": "Fuzzy query banned objects with a regular expression for IP address.", + "description": "Fuzzy query banning rules with a regular expression for IP address.", "required": false, "schema": { "type": "string" @@ -96176,7 +96480,7 @@ { "in": "query", "name": "like_peerhost_net", - "description": "Fuzzy query banned objects with a regular expression for CIDR.", + "description": "Fuzzy query banning rules with a regular expression for CIDR.", "required": false, "schema": { "type": "string" @@ -96699,6 +97003,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -96833,6 +97138,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -96949,8 +97255,8 @@ "status": "connected" } ], - "handshake_timeout": "16s", "acceptors": 16, + "handshake_timeout": "16s", "actions": [ "my_action" ] @@ -97319,6 +97625,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -97406,6 +97713,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -97417,8 +97725,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, { "name": "clickhouse_connector", 
@@ -97648,6 +97955,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -97659,8 +97967,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, { "name": "my_timescale_connector", @@ -97880,6 +98187,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -98029,6 +98337,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -98157,8 +98466,8 @@ "status": "connected" } ], - "handshake_timeout": "16s", "acceptors": 16, + "handshake_timeout": "16s", "actions": [ "my_action" ] @@ -98575,6 +98884,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -98671,6 +98981,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -98682,8 +98993,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, @@ -98943,6 +99253,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -98954,8 +99265,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, 
@@ -99184,6 +99494,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -99291,6 +99602,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -99373,8 +99685,8 @@ "type": "syskeeper_proxy", "listen": "127.0.0.1:9092", "enable": true, - "handshake_timeout": "16s", - "acceptors": 16 + "acceptors": 16, + "handshake_timeout": "16s" }, "summary": "Syskeeper Proxy Connector" }, @@ -99652,6 +99964,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -99714,6 +100027,7 @@ "start_after_created": true, "health_check_interval": "30s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -99725,8 +100039,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Consumer Connector" }, @@ -99894,6 +100207,7 @@ "resource_opts": { "request_ttl": "60s" }, + "pipelining": 100, "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -99905,8 +100219,7 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - }, - "pipelining": 100 + } }, "summary": "GCP PubSub Producer Connector" }, @@ -100192,10 +100505,10 @@ "schema": "my_avro_schema" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using an Avro schema check" }, @@ -100217,10 +100530,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using a SQL check" } 
@@ -102141,10 +102454,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, { "name": "other_validation", @@ -102163,10 +102476,10 @@ "schema": "my_avro_schema" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" } ], "summary": "List" @@ -102225,10 +102538,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Update" } @@ -102307,10 +102620,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Update" } @@ -102360,10 +102673,10 @@ "schema": "my_avro_schema" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using an Avro schema check" }, @@ -102385,10 +102698,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using a SQL check" } @@ -102445,10 +102758,10 @@ "schema": "my_avro_schema" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using an Avro schema check" }, @@ -102470,10 +102783,10 @@ "sql": "select payload.temp as t where t > 10" } ], - "failure_action": "drop", "log_failure": { "level": "info" - } + }, + "failure_action": "drop" }, "summary": "Using a SQL check" } @@ -104204,12 +104517,12 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], "proxy_protocol_timeout": "3s", - "acceptors": 16, - "proxy_protocol": false, "zone": "default", "mountpoint": "/", "current_connections": 10240 
@@ -104300,12 +104613,12 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], "proxy_protocol_timeout": "3s", - "acceptors": 16, - "proxy_protocol": false, "zone": "default", "mountpoint": "/", "current_connections": 10240 @@ -104397,12 +104710,12 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], "proxy_protocol_timeout": "3s", - "acceptors": 16, - "proxy_protocol": false, "zone": "default", "mountpoint": "/", "current_connections": 10240 @@ -105440,8 +105753,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -105879,8 +106220,8 @@ "email": "contact@foo.com", "start_at": "2022-01-11", "expiry": false, - "deployment": "bar-deployment", "customer_type": 10, + "deployment": "bar-deployment", "customer": "Foo", "expiry_at": "2295-10-27" } @@ -105923,8 +106264,8 @@ "email": "contact@foo.com", "start_at": "2022-01-11", "expiry": false, - "deployment": "bar-deployment", "customer_type": 10, + "deployment": "bar-deployment", "customer": "Foo", "expiry_at": "2295-10-27" } 
@@ -106717,8 +107058,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, @@ -106742,17 +107083,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -106763,8 +107103,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -106807,7 +107148,6 @@ "status": "connected" } ], - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -106816,9 +107156,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -106826,9 +107166,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -106839,10 +107177,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -106924,9 +107265,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -106965,9 +107306,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -106980,9 +107321,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -107007,9 +107348,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -107032,9 +107373,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -107054,9 +107395,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -107075,9 +107416,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107123,9 +107464,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -107173,9 +107514,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -107193,8 +107534,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -107219,7 +107560,6 @@ "influxdb_type": "influxdb_api_v1" }, { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -107231,7 +107571,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, { "name": "redis_bridge", @@ -107272,8 +107613,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -107312,9 +107653,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -107359,18 +107700,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -107390,9 +107731,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107417,9 +107758,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107482,9 +107823,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107509,9 +107850,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107690,8 +108031,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, 
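Review bot: The ClickHouse example in the hunk at `@@ -107359,18 +107700,18 @@` now shows `"url": "http://127.0.0.1:8123"` next to `username` and `password`, so a reader who copies it and only swaps the host would send the credentials and the inserted payloads over cleartext HTTP. Loopback is fine as shown, but nothing in the visible example says that the scheme should change for a remote server. Since a JSON example cannot carry a comment, the `url` property's schema description (outside this hunk) is the place for it, for instance `Use an https:// URL when the ClickHouse server is not on the loopback interface.` The hunks at `@@ -108410,18 +108751,18 @@` and `@@ -109459,18 +109800,18 @@` repeat the same example.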
@@ -107718,17 +108059,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -107739,8 +108079,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -107786,7 +108127,6 @@ "status": "connected" } ], - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -107795,9 +108135,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -107805,9 +108145,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -107818,10 +108156,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -107912,9 +108253,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107959,9 +108300,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -107977,9 +108318,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -108007,9 +108348,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -108035,9 +108376,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -108060,9 +108401,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -108084,9 +108425,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -108141,9 +108482,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -108200,9 +108541,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -108223,8 +108564,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -108255,7 +108596,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -108267,7 +108607,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -108314,8 +108655,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -108357,9 +108698,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -108410,18 +108751,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -108444,9 +108785,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -108474,9 +108815,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -108545,9 +108886,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -108575,9 +108916,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -108760,8 +109101,8 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 8, - "max_buffer_bytes": 268435456, "query_mode": "async", + "max_buffer_bytes": 268435456, "health_check_interval": "15s" }, "enable_pipelining": 100, 
@@ -108787,17 +109128,16 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "100MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "topic": "topic", "max_inflight": 10, "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${.pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", @@ -108808,8 +109148,9 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${.pub_props}", + "kafka_header_value_encode_mode": "none", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, "socket_opts": { @@ -108842,7 +109183,6 @@ "sndbuf": "1024KB", "tcp_keepalive": "none" }, - "local_topic": "mqtt/local/topic", "kafka": { "message": { "timestamp": "${.timestamp}", @@ -108851,9 +109191,9 @@ }, "buffer": { "mode": "hybrid", - "memory_overload_protection": true, "segment_bytes": "10MB", - "per_partition_limit": "2GB" + "per_partition_limit": "2GB", + "memory_overload_protection": true }, "compression": "no_compression", "topic": "kafka-topic", @@ -108861,9 +109201,7 @@ "required_acks": "all_isr", "max_linger_bytes": "10MB", "max_batch_bytes": "896KB", - "partitions_limit": "all_partitions", - "partition_count_refresh_interval": "60s", - "kafka_header_value_encode_mode": "none", + "kafka_headers": "${pub_props}", "kafka_ext_headers": [ { "kafka_ext_header_value": "${clientid}", 
@@ -108874,10 +109212,13 @@ "kafka_ext_header_key": "topic" } ], - "kafka_headers": "${pub_props}", + "kafka_header_value_encode_mode": "none", + "partitions_limit": "all_partitions", "partition_strategy": "random", + "partition_count_refresh_interval": "60s", "max_linger_time": "5ms" }, + "local_topic": "mqtt/local/topic", "min_metadata_refresh_interval": "3s", "bootstrap_hosts": "localhost:9092", "metadata_request_timeout": "4s" @@ -108961,9 +109302,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109008,9 +109349,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109026,9 +109367,9 @@ "aws_secret_access_key": "******", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", @@ -109056,9 +109397,9 @@ "pool_type": "random", "resource_opts": { "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "query_mode": "async", "health_check_interval": 15000 }, "enable_pipelining": 100, @@ -109084,9 +109425,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "payload_template": "", @@ -109109,9 +109450,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -109133,9 +109474,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109190,9 +109531,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "enabledb": true @@ -109249,9 +109590,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -109272,8 +109613,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "batch_time": "20ms", - "query_mode": "sync" + "query_mode": "sync", + "batch_time": "20ms" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -109304,7 +109645,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -109316,7 +109656,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -109363,8 +109704,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "max_buffer_bytes": 104857600, "query_mode": "sync", + "max_buffer_bytes": 104857600, "health_check_interval": "15s" }, "ingress": { @@ -109406,9 +109747,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#", 
@@ -109459,18 +109800,18 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#", @@ -109493,9 +109834,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109516,9 +109857,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109580,9 +109921,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 1, + "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "sync", "health_check_interval": "15s" }, "local_topic": "local/topic/#" @@ -109603,9 +109944,9 @@ "resource_opts": { "batch_size": 1, "worker_pool_size": 8, + "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "query_mode": "async", "health_check_interval": "15s" }, "local_topic": "local/topic/#" diff --git a/redocly/ee-zh.json b/redocly/ee-zh.json index a8bb1e683..dfeb0785a 100644 --- a/redocly/ee-zh.json +++ b/redocly/ee-zh.json @@ -1,6 +1,6 @@ { "info": { - "version": "5.8.1", + "version": "5.8.2", "title": "EMQX Enterprise API" }, "components": { @@ -1293,7 +1293,7 @@ "hash_topic", "hash_clientid" ], - "description": "The strategy to use for the initial subscriber pick when shared_subscription_strategy is `sticky`.
- `random`: Randomly select the subscriber;
- `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;
- `hash_clientid`: Hash the publisher's client ID to select a subscriber;
- `hash_topic`: Hash the publishing topic to select a subscriber." + "description": "当 shared_subscription_strategy 为 `sticky` 时,初始订阅者选择的策略。
- `random`: 随机选择订阅者;
- `local`: 随机选择当前节点上的订阅者,如果当前节点上没有订阅者,则在集群中随机选择;
- `hash_clientid`: 根据发布者的客户端 ID 进行哈希,选择订阅者;
- `hash_topic`: 根据发布的主题进行哈希,选择订阅者。" }, "exclusive_subscription": { "default": false, @@ -1925,7 +1925,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "local_topic": { "type": "string", @@ -2096,6 +2096,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -2197,7 +2202,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -3051,7 +3056,7 @@ }, "checks": { "type": "array", - "description": "A list of checks to perform on the client information.
If all checks are skipped, the default result `ignore` is returned.
The `ignore` result means to defer the authentication to the next authenticator in the chain.", + "description": "对客户端信息执行的一组检查。
如果所有检查都被跳过,则返回默认结果 `ignore`。
`ignore` 结果表示将认证流程交由链中的下一个认证器处理。", "items": { "$ref": "#/components/schemas/authn.cinfo_check" } @@ -3696,6 +3701,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -3808,6 +3818,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -6091,7 +6106,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -7939,6 +7954,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -8873,7 +8893,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -11433,6 +11453,12 @@ "format": "password", "description": "包含用户密码的字符串。仅在私钥文件受密码保护时使用。", "example": "" + }, + "hibernate_after": { + "default": "5s", + "type": "string", + "description": "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。

当有新消息到达时,休眠的进程将被唤醒。
过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。", + "example": "12m" } }, "type": "object" @@ -11900,7 +11926,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "driver": { "default": "ms-sql", @@ -12557,7 +12583,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -13405,15 +13431,15 @@ "enum": [ "confluent" ], - "description": "External Schema Registry Type" + "description": "外部 Schema Registry 类型" }, "url": { "type": "string", - "description": "URL endpoint for external registry." + "description": "外部 registry 的 URL 端点" }, "auth": { "default": "none", - "description": "Authentication options for accessing external registry.", + "description": "访问外部 registry 的认证选项。", "oneOf": [ { "$ref": "#/components/schemas/schema_registry.confluent_schema_registry_auth_basic" @@ -13734,6 +13760,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -17550,13 +17581,13 @@ "max_linger_time": { "default": "0ms", "type": "string", - "description": "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.
The default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.", + "description": "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。
默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。", "example": "32s" }, "max_linger_bytes": { "default": "10MB", "type": "string", - "description": "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.", + "description": "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。", "example": "32MB" }, "max_batch_bytes": { @@ -18553,7 +18584,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -18680,13 +18711,13 @@ "max_linger_time": { "default": "0ms", "type": "string", - "description": "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.
The default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.", + "description": "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。
默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。", "example": "32s" }, "max_linger_bytes": { "default": "10MB", "type": "string", - "description": "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.", + "description": "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。", "example": "32MB" }, "max_batch_bytes": { @@ -20062,7 +20093,7 @@ }, "actions.discarded": { "type": "integer", - "description": "The number of discarded actions due to action being disabled or race condition while action is being deleted.", + "description": "由于动作被停用或在动作被删除时发生竞态条件而导致丢弃的动作次数。", "minimum": 0 } }, @@ -20840,6 +20871,11 @@ "type": "string", "description": "要连接的 IPv4 或 IPv6 地址或主机名。

主机条目的格式为:`Host[:Port]`.

如果未指定 `[:Port]`,则使用 Datalayers 的默认端口 8361。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "特定于此 Datalayers 连接器类型的参数集。", "oneOf": [ @@ -21143,19 +21179,19 @@ }, "server": { "type": "string", - "description": "The address of Snowflake computing server to connect to." + "description": "连接到 Snowflake 计算服务器的地址。" }, "account": { "type": "string", - "description": "Account ID for Snowflake." + "description": "Snowflake 的账户 ID。" }, "dsn": { "type": "string", - "description": "Data Source Name (DSN) associated with the installed Snowflake ODBC driver." + "description": "与已安装的 Snowflake ODBC 驱动程序关联的数据源名称 (DSN)。" }, "proxy": { "default": "none", - "description": "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "description": "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", "oneOf": [ { "$ref": "#/components/schemas/connector_snowflake.proxy_config" @@ -22656,19 +22692,19 @@ }, "server": { "type": "string", - "description": "The address of Snowflake computing server to connect to." + "description": "连接到 Snowflake 计算服务器的地址。" }, "account": { "type": "string", - "description": "Account ID for Snowflake." + "description": "Snowflake 的账户 ID。" }, "dsn": { "type": "string", - "description": "Data Source Name (DSN) associated with the installed Snowflake ODBC driver." + "description": "与已安装的 Snowflake ODBC 驱动程序关联的数据源名称 (DSN)。" }, "proxy": { "default": "none", - "description": "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "description": "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", "oneOf": [ { "$ref": "#/components/schemas/connector_snowflake.proxy_config" 
@@ -24170,12 +24206,12 @@ "properties": { "host": { "type": "string", - "description": "Proxy host address to connect to." + "description": "用于连接的代理主机地址。" }, "port": { "maximum": 65535, "type": "integer", - "description": "Proxy port to use when connecting.", + "description": "连接时使用的代理端口。", "minimum": 1 } }, @@ -25897,6 +25933,11 @@ ], "description": "InfluxDB 时间精度。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "ssl": { "default": { "enable": false @@ -27350,6 +27391,27 @@ "description": "消息保留时间。0 代表永久保留", "example": "32s" }, + "msg_expiry_interval_override": { + "default": "disabled", + "description": "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.", + "oneOf": [ + { + "type": "string", + "example": "32s" + }, + { + "type": "string", + "enum": [ + "disabled" + ] + } + ] + }, + "allow_never_expire": { + "default": true, + "type": "boolean", + "description": "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set." + }, "msg_clear_interval": { "default": "0s", "type": "string", 
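Review bot: The `oneOf` added under `msg_expiry_interval_override` has overlapping branches: the default `"disabled"` is a string, so it matches the unconstrained `{ "type": "string", "example": "32s" }` branch as well as the `enum` branch, and `oneOf` requires exactly one match. A strict validator or generated client would therefore reject the documented default. I would change the keyword to `"anyOf": [`, or give the duration branch a `pattern` that excludes `disabled` (the duration grammar is not visible here, so confirm it against the config parser). The descriptions of `msg_expiry_interval_override` and `allow_never_expire` are also still in English in this zh file. If this spec is generated, the fix belongs in the generator rather than in this file.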
@@ -27550,12 +27612,12 @@ "properties": { "host": { "type": "string", - "description": "Proxy host address to connect to." + "description": "用于连接的代理主机地址。" }, "port": { "maximum": 65535, "type": "integer", - "description": "Proxy port to use when connecting.", + "description": "连接时使用的代理端口。", "minimum": 1 } }, @@ -27623,7 +27685,7 @@ ], "properties": { "is_match": { - "description": "One Variform expression or an array of expressions to evaluate with a set of pre-bound variables derived from the client information.
Supported variables:
- `username`: the username of the client.
- `password`: the password of the client.
- `clientid`: the client ID of the client.
- `client_attrs.*`: the client attributes of the client.
- `peerhost`: the IP address of the client.
- `cert_subject`: the subject of the TLS certificate.
- `cert_common_name`: the issuer of the TLS certificate.
- `zone`: the config zone associated with the listener from which the client is accepted.
If the expression(s) all yields the string value `'true'`, then the associated `result` is returned from this authenticator.
If any expression yields the other than `'true'`, then the current check is skipped.", + "description": "一个 Variform 表达式或表达式数组,用于评估一组从客户端信息派生的预绑定变量。
支持的变量:
- `username`: 客户端的用户名。
- `password`:客户端的密码。
- `clientid`: 客户端的客户端。
- `client_attrs.*`: 客户端的客户端属性。
- `peerhost`: 客户端的 IP 地址。
- `cert_subject`: TLS 证书的主体
- `cert_common_name`: TLS 证书通用名称。
- `zone`:与接受客户端的监听器关联的配置区域。
如果所有表达式的结果都是字符串值 'true',则从此认证器返回关联的 result。
如果任何表达式的结果不是 'true',则跳过当前检查。", "oneOf": [ { "type": "array", @@ -27643,7 +27705,7 @@ "deny", "ignore" ], - "description": "The result to return if the match condition is `true`.
Supported results:
- `ignore`: defer the authentication to the next authenticator in the chain.
- `allow`: allow the client to connect.
- `deny`: deny the client to connect." + "description": "当匹配条件为 `true` 时返回的结果。
支持的结果:
- `ignore`: 将身份验证交由链中的下一个认证器处理。
- `allow`: 允许客户端连接。
- `deny`: 拒绝客户端连接。" } }, "type": "object" @@ -29869,6 +29931,11 @@ "type": "string", "description": "将要连接的 IPv4 或 IPv6 地址,或者主机名。

主机名具有以下形式:`Host[:Port]`。

如果未指定 `[:Port]`,则使用 InfluxDB 默认端口 8086。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "给定版本的 InfluxDB 连接器的参数集,`influxdb_type` 可以是 `influxdb_api_v1` 或 `influxdb_api_v2`。", "oneOf": [ @@ -30901,13 +30968,13 @@ "time_interval": { "default": "1h", "type": "string", - "description": "Amount of time events will be aggregated in a single file on each node before uploading.", + "description": "每个节点在上传之前,将事件聚合到单个文件中的时间间隔。", "example": "1h" }, "max_records": { "default": 1000000, "type": "integer", - "description": "Number of records (events) allowed per each aggregated file. Each aggregated upload will contain no more than that number of events, but may contain less.

If event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of Snowflake staged file name.", + "description": "每个聚合文件允许的最大记录数(事件数)。 每次聚合上传将包含不超过该数量的事件,但可能会少于该数量。

如果事件速率较高,在同一时间间隔内可能会进行多次聚合上传。这些上传将具有不同但连续的序列号,且该序列号将作为 Snowflake 阶段文件名的一部分。", "minimum": 1 } }, @@ -32708,6 +32775,25 @@ }, "type": "object" }, + "emqx_mgmt_api_data_backup.export_request_body": { + "properties": { + "table_sets": { + "type": "array", + "description": "Sets of tables to export. Exports all if omitted. Valid values:

- api_keys
- banned
- builtin_authn
- builtin_authz
- builtin_retainer
- dashboard_users
- psk
", + "items": { + "type": "string" + } + }, + "root_keys": { + "type": "array", + "description": "Sets of root configuration keys to export. Exports all if omitted.", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, "bridge_redis.get_cluster": { "required": [ "command_template", @@ -33481,15 +33567,15 @@ "enum": [ "confluent" ], - "description": "External Schema Registry Type" + "description": "外部 Schema Registry 类型" }, "url": { "type": "string", - "description": "URL endpoint for external registry." + "description": "外部 registry 的 URL 端点" }, "auth": { "default": "none", - "description": "Authentication options for accessing external registry.", + "description": "访问外部 registry 的认证选项。", "oneOf": [ { "$ref": "#/components/schemas/schema_registry.confluent_schema_registry_auth_basic" @@ -33947,65 +34033,65 @@ "enum": [ "aggregated" ], - "description": "Enables time-based aggregation of incoming events and uploading them to the Snowflake as a single object. This aggregation is done independently by each node in the cluster." + "description": "启用基于时间的事件聚合,并将其作为一个对象上传到 Snowflake。每个集群节点独立进行此聚合。" }, "aggregation": { - "description": "Set of parameters governing the aggregation process.", + "description": "控制聚合过程的一组参数。", "$ref": "#/components/schemas/action_snowflake.aggregation" }, "private_key": { "type": "string", "format": "password", - "description": "The private key configured for the Pipe User. This supports the input formats below:
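Review bot: In the new `emqx_mgmt_api_data_backup.export_request_body` schema, `table_sets.items` is a bare `{ "type": "string" }` and the seven accepted names exist only in the description, so a validator or generated client cannot reject an unknown set. If the list is closed, I would add `"enum": ["api_keys", "banned", "builtin_authn", "builtin_authz", "builtin_retainer", "dashboard_users", "psk"]` to `items`. Several of these sets (`api_keys`, `builtin_authn`, `dashboard_users`, `psk`) presumably hold credential material, so the description should state that the exported archive must be stored and transferred as a secret. Both new descriptions are still in English in this zh file.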
- Plain key: Enter the private key contents in PEM format directly as a string value.
- File Path: Specify the path to a file that contains the private key. Ensure the path starts with file://. The file path must be the same on all nodes in the cluster.", + "description": "为管道用户配置的私钥。支持以下输入格式:
- 明文密钥:直接以字符串形式输入 PEM 格式的私钥内容。
- 文件路径:指定包含私钥的文件路径。确保路径以 file:// 开头。文件路径必须在集群的所有节点上相同。", "example": "R4ND0M/S∃CЯ∃T" }, "database": { "type": "string", - "description": "Name of the Database that contains the Snowflake resources." + "description": "包含 Snowflake 资源的数据库名称。" }, "schema": { "type": "string", - "description": "Name of the Schema that contains the Snowflake resources." + "description": "包含 Snowflake 资源的模式名称。" }, "stage": { "type": "string", - "description": "Name of the Stage that'll be used for loading data files into Snowflake." + "description": "用于将数据文件加载到 Snowflake 的 Stage 名称。" }, "pipe": { "type": "string", - "description": "Name of the Pipe that'll be used to ingest data into the table." + "description": "用于将数据导入表的管道名称。" }, "pipe_user": { "type": "string", - "description": "A username which has a role with permissions over the Pipe to be used. The minimum permissions are `operate` and `monitor`." + "description": "具有使用 Pipe 权限的角色的用户名。最低要求的权限是 operate 和 monitor。" }, "connect_timeout": { "default": "15s", "type": "string", - "description": "The timeout when connecting to the HTTP server.", + "description": "连接到 HTTP 服务器时的超时时间。", "example": "32s" }, "pipelining": { "default": 100, "type": "integer", - "description": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.", + "description": "一个正整数。表示是否连续发送 HTTP 请求。设置为 1 时,表示每次发送 HTTP 请求后,需等待服务器返回再发送下一个请求.", "minimum": 1 }, "pool_size": { "default": 8, "type": "integer", - "description": "The pool size.", + "description": "连接池大小", "minimum": 1 }, "max_retries": { "default": 3, "type": "integer", - "description": "Max retry attempts if there's an error when sending an HTTP request.", + "description": "发送 HTTP 请求时出现错误的最大重试次数。", "minimum": 0 }, "proxy": { "default": "none", - "description": "Proxy configuration. 
Only plain HTTP proxies are currently supported (no HTTPS).", + "description": "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", "oneOf": [ { "$ref": "#/components/schemas/action_snowflake.proxy_config" @@ -34083,6 +34169,11 @@ "type": "string", "description": "要连接的 IPv4 或 IPv6 地址或主机名。

主机条目的格式为:`Host[:Port]`.

如果未指定 `[:Port]`,则使用 Datalayers 的默认端口 8361。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "特定于此 Datalayers 连接器类型的参数集。", "oneOf": [ @@ -34944,7 +35035,7 @@ "description": "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。" }, "parameters": { - "description": "Set of parameters for the action.", + "description": "一组动作参数", "oneOf": [ { "$ref": "#/components/schemas/action_snowflake.aggreg_parameters" @@ -35166,7 +35257,7 @@ "description": "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。" }, "parameters": { - "description": "Set of parameters for the action.", + "description": "一组动作参数", "oneOf": [ { "$ref": "#/components/schemas/action_snowflake.aggreg_parameters" @@ -35478,7 +35569,7 @@ "enum": [ "restapi" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "base_url": { "type": "string", @@ -37158,6 +37249,12 @@ "type": "string", "description": "用于此 Source 的消费者组标识符。如果省略,将自动生成一个基于 Source 名称的标识符。" }, + "max_wait_time": { + "default": "1s", + "type": "string", + "description": "Maximum amount of time that is waited for the Kafka broker to send a fetch response.", + "example": "32s" + }, "max_batch_bytes": { "default": "896KB", "type": "string", @@ -37656,19 +37753,19 @@ }, "server": { "type": "string", - "description": "The address of Snowflake computing server to connect to." + "description": "连接到 Snowflake 计算服务器的地址。" }, "account": { "type": "string", - "description": "Account ID for Snowflake." + "description": "Snowflake 的账户 ID。" }, "dsn": { "type": "string", - "description": "Data Source Name (DSN) associated with the installed Snowflake ODBC driver." + "description": "与已安装的 Snowflake ODBC 驱动程序关联的数据源名称 (DSN)。" }, "proxy": { "default": "none", - "description": "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).", + "description": "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。", "oneOf": [ { "$ref": "#/components/schemas/connector_snowflake.proxy_config" @@ -38430,7 +38527,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -38822,11 +38919,11 @@ "enum": [ "thrift" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "server": { "type": "string", - "description": "The address of the IoTDB Thrift server (host:port)" + "description": "IoTDB Thrift 服务器的地址(主机:端口)。" }, "protocol_version": { "default": "protocol_v3", @@ -38836,39 +38933,39 @@ "protocol_v2", "protocol_v3" ], - "description": "The version of IoTDB Thrift protocol" + "description": "IoTDB Thrift 协议的版本。" }, "zoneId": { "default": "Asia/Shanghai", "type": "string", - "description": "Timezone for IoTDB Thrift session" + "description": "IoTDB Thrift 会话的时区。" }, "pool_size": { "default": 8, "type": "integer", - "description": "Size for the IoTDB Thrift connection pool", + "description": "IoTDB Thrift 连接池的大小。", "minimum": 1 }, "connect_timeout": { "default": "10s", "type": "string", - "description": "Timeout for connecting to the IoTDB Thrift server", + "description": "连接到 IoTDB Thrift 服务器的超时时间。", "example": "32s" }, "recv_timeout": { "default": "10s", "type": "string", - "description": "Timeout for IoTDB Thrift server response", + "description": "IoTDB Thrift 服务器响应的超时时间。", "example": "32s" }, "username": { "type": "string", - "description": "The username as configured at the IoTDB REST/Thrift interface" + "description": "在 IoTDB REST/Thrift 接口中配置的用户名。" }, "password": { "type": "string", "format": "password", - "description": "The password as configured at the IoTDB/Thrift REST interface", + "description": "在 IoTDB/Thrift REST 接口中配置的密码。", "example": "R4ND0M/S∃CЯ∃T" }, "ssl": { @@ -39043,7 +39140,7 @@ "description": "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。" }, "parameters": { - "description": "Set of parameters for the action.", + "description": "一组动作参数", "oneOf": [ { "$ref": "#/components/schemas/action_snowflake.aggreg_parameters" @@ -39798,7 +39895,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "driver": { "default": "ms-sql", @@ -43253,7 +43350,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" } }, "type": "object" @@ -44321,7 +44418,7 @@ "enum": [ "influxdb_v1" ], - "description": "The Driver used to communicate with Datalayers service." + "description": "用于与 Datalayers 服务通信的驱动程序。" }, "database": { "type": "string", @@ -44356,13 +44453,13 @@ "max_linger_time": { "default": "0ms", "type": "string", - "description": "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.
The default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.", + "description": "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。
默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。", "example": "32s" }, "max_linger_bytes": { "default": "10MB", "type": "string", - "description": "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.", + "description": "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。", "example": "32MB" }, "max_batch_bytes": { @@ -44491,7 +44588,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "local_topic": { "type": "string", @@ -45110,7 +45207,7 @@ }, "actions.discarded": { "type": "integer", - "description": "The number of discarded actions due to action being disabled or race condition while action is being deleted.", + "description": "由于动作被停用或在动作被删除时发生竞态条件而导致丢弃的动作次数。", "minimum": 0 } }, @@ -45474,6 +45571,11 @@ "type": "string", "description": "将要连接的 IPv4 或 IPv6 地址,或者主机名。

主机名具有以下形式:`Host[:Port]`。

如果未指定 `[:Port]`,则使用 InfluxDB 默认端口 8086。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "给定版本的 InfluxDB 连接器的参数集,`influxdb_type` 可以是 `influxdb_api_v1` 或 `influxdb_api_v2`。", "oneOf": [ @@ -45831,6 +45933,11 @@ "type": "string", "description": "将要连接的 IPv4 或 IPv6 地址,或者主机名。

主机名具有以下形式:`Host[:Port]`。

如果未指定 `[:Port]`,则使用 InfluxDB 默认端口 8086。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "给定版本的 InfluxDB 连接器的参数集,`influxdb_type` 可以是 `influxdb_api_v1` 或 `influxdb_api_v2`。", "oneOf": [ @@ -47240,6 +47347,11 @@ "type": "string", "description": "要连接的 IPv4 或 IPv6 地址或主机名。

主机条目的格式为:`Host[:Port]`.

如果未指定 `[:Port]`,则使用 Datalayers 的默认端口 8361。" }, + "pool_size": { + "default": 8, + "type": "integer", + "description": "Size of the connection pool towards the bridge target service." + }, "parameters": { "description": "特定于此 Datalayers 连接器类型的参数集。", "oneOf": [ @@ -47513,7 +47625,7 @@ "site": { "type": "string", "description": "Site ID", - "example": "265CC0026343EB92" + "example": "368BB1A145C500E6" }, "status": { "type": "string", @@ -49329,11 +49441,13 @@ "idle_poll_interval": { "default": "10s", "type": "string", + "description": "Expiry interval for poll requests sent by durable sessions to the storage.", "example": "12m" }, "heartbeat_interval": { "default": "5000ms", "type": "string", + "description": "Durable sessions back up their state on disc every heartbeat interval.

Heartbeat interval is also taken into account during garbage collection of expired sessions.
It is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.", "example": "12m" }, "session_gc_interval": { @@ -49351,6 +49465,7 @@ "message_retention_period": { "default": "1d", "type": "string", + "description": "Broker keeps messages sent to the durable sessions for this period of time.", "example": "12m" } }, @@ -49946,12 +50061,12 @@ "properties": { "username": { "type": "string", - "description": "Username for basic authentication method." + "description": "基本认证方法的用户名。" }, "password": { "type": "string", "format": "password", - "description": "Password for basic authentication method.", + "description": "基本认证方法的密码。", "example": "R4ND0M/S∃CЯ∃T" } }, @@ -50428,11 +50543,11 @@ "enum": [ "thrift" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "server": { "type": "string", - "description": "The address of the IoTDB Thrift server (host:port)" + "description": "IoTDB Thrift 服务器的地址(主机:端口)。" }, "protocol_version": { "default": "protocol_v3", @@ -50442,39 +50557,39 @@ "protocol_v2", "protocol_v3" ], - "description": "The version of IoTDB Thrift protocol" + "description": "IoTDB Thrift 协议的版本。" }, "zoneId": { "default": "Asia/Shanghai", "type": "string", - "description": "Timezone for IoTDB Thrift session" + "description": "IoTDB Thrift 会话的时区。" }, "pool_size": { "default": 8, "type": "integer", - "description": "Size for the IoTDB Thrift connection pool", + "description": "IoTDB Thrift 连接池的大小。", "minimum": 1 }, "connect_timeout": { "default": "10s", "type": "string", - "description": "Timeout for connecting to the IoTDB Thrift server", + "description": "连接到 IoTDB Thrift 服务器的超时时间。", "example": "32s" }, "recv_timeout": { "default": "10s", "type": "string", - "description": "Timeout for IoTDB Thrift server response", + "description": "IoTDB Thrift 服务器响应的超时时间。", "example": "32s" }, "username": { "type": "string", - "description": "The username as configured at the IoTDB REST/Thrift interface" + "description": "在 IoTDB REST/Thrift 接口中配置的用户名。" }, "password": { "type": "string", "format": "password", - "description": "The password as configured at the IoTDB/Thrift REST interface", + "description": "在 IoTDB/Thrift REST 接口中配置的密码。", "example": "R4ND0M/S∃CЯ∃T" }, "ssl": { @@ -50755,7 +50870,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "local_topic": { "type": "string", @@ -51001,7 +51116,7 @@ "enum": [ "restapi" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "base_url": { "type": "string", @@ -51070,12 +51185,12 @@ "properties": { "username": { "type": "string", - "description": "The username as configured at the IoTDB REST/Thrift interface" + "description": "在 IoTDB REST/Thrift 接口中配置的用户名。" }, "password": { "type": "string", "format": "password", - "description": "The password as configured at the IoTDB/Thrift REST interface", + "description": "在 IoTDB/Thrift REST 接口中配置的密码。", "example": "R4ND0M/S∃CЯ∃T" } }, @@ -52112,7 +52227,7 @@ "enum": [ "restapi" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "base_url": { "type": "string", @@ -52207,7 +52322,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "driver": { "default": "ms-sql", @@ -52584,7 +52699,7 @@ "undefined_vars_as_null": { "default": false, "type": "boolean", - "description": "When writing to databases, treat undefined variables as NULL.
When this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.
This option should always be `true` if possible; the default value `false` is only to ensure backward compatibility." + "description": "写入数据库时,将未定义的变量视为 NULL。
启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。
如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。" }, "batch_value_separator": { "default": ", ", @@ -52920,11 +53035,11 @@ "enum": [ "thrift" ], - "description": "The drivers for IoTDB connector, can be:
- rest
- thrift" + "description": "IoTDB 连接器使用的驱动程序,可以是:
- rest
- thrift" }, "server": { "type": "string", - "description": "The address of the IoTDB Thrift server (host:port)" + "description": "IoTDB Thrift 服务器的地址(主机:端口)。" }, "protocol_version": { "default": "protocol_v3", @@ -52934,39 +53049,39 @@ "protocol_v2", "protocol_v3" ], - "description": "The version of IoTDB Thrift protocol" + "description": "IoTDB Thrift 协议的版本。" }, "zoneId": { "default": "Asia/Shanghai", "type": "string", - "description": "Timezone for IoTDB Thrift session" + "description": "IoTDB Thrift 会话的时区。" }, "pool_size": { "default": 8, "type": "integer", - "description": "Size for the IoTDB Thrift connection pool", + "description": "IoTDB Thrift 连接池的大小。", "minimum": 1 }, "connect_timeout": { "default": "10s", "type": "string", - "description": "Timeout for connecting to the IoTDB Thrift server", + "description": "连接到 IoTDB Thrift 服务器的超时时间。", "example": "32s" }, "recv_timeout": { "default": "10s", "type": "string", - "description": "Timeout for IoTDB Thrift server response", + "description": "IoTDB Thrift 服务器响应的超时时间。", "example": "32s" }, "username": { "type": "string", - "description": "The username as configured at the IoTDB REST/Thrift interface" + "description": "在 IoTDB REST/Thrift 接口中配置的用户名。" }, "password": { "type": "string", "format": "password", - "description": "The password as configured at the IoTDB/Thrift REST interface", + "description": "在 IoTDB/Thrift REST 接口中配置的密码。", "example": "R4ND0M/S∃CЯ∃T" }, "ssl": { 
@@ -54428,11 +54543,20 @@ { "in": "query", "name": "aggregate", - "description": "Whether to aggregate all nodes Metrics", + "description": "Whether to aggregate all nodes Metrics. Default value is 'true'.", "required": false, "schema": { "type": "boolean" } + }, + { + "in": "query", + "name": "node", + "description": "Specify which specific node to fetch data from. If not provided, return values for all nodes. This parameter only works when 'aggregate' is 'false'.", + "required": false, + "schema": { + "type": "string" + } } ], "responses": { @@ -54774,8 +54898,36 @@ } ], "responses": { - "204": { - "description": "Users imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -57167,13 +57319,13 @@ "application/json": { "examples": { "evacuation": { - "wait_health_check": "10s", - "wait_takeover": "10s", "conn_evict_rate": 100, "sess_evict_rate": 100, "migrate_to": [ "othernode@127.0.0.1" ], + "wait_takeover": "10s", + "wait_health_check": "10s", "redirect_to": "othernode:1883" } }, @@ -57308,8 +57460,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
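Review bot: In the user-import response hunk on this line (`@@ -54774,8 +54898,36 @@`), the success status changes from `204` to `200` with a JSON body, which breaks any client that checks for `204` exactly. The new `200` entry also has an empty `description`. The `success` counter is the only property without a description; something like `"description": "Total number of users imported successfully."` would match its siblings, assuming that is what it counts. The operation object continues outside the hunk.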
@@ -57558,8 +57710,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -57757,8 +57909,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58054,8 +58206,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58253,8 +58405,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -58425,9 +58577,7 @@ } } ], - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -58439,7 +58589,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, { @@ -58479,10 +58631,10 @@ } } ], + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, { @@ -58644,6 +58796,7 @@ } } ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -58657,7 +58810,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, { 
@@ -58828,9 +58980,7 @@ "active_n": 100 }, "max_connections": 1024000, - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -58842,7 +58992,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -58870,10 +59022,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -58987,6 +59139,7 @@ "type": "dtls", "bind": "22214", "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -59000,7 +59153,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -59126,9 +59278,7 @@ "active_n": 100 }, "max_connections": 1024000, - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -59140,7 +59290,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -59168,10 +59320,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -59285,6 +59437,7 @@ "type": "dtls", "bind": "22214", "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", 
@@ -59298,7 +59451,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -59737,6 +59889,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -59844,6 +59997,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -60205,6 +60359,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -63022,6 +63177,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update source", 
@@ -63255,6 +63432,74 @@ } } } + }, + "400": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Invalid table sets: bar, foo" + } + }, + "type": "object" + } + } + } + }, + "500": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "BAD_REQUEST" + ] + }, + "message": { + "type": "string", + "description": "Error processing export: ..." + } + }, + "type": "object" + } + } + } + } + }, + "requestBody": { + "content": { + "application/json": { + "example": { + "root_keys": [ + "connectors", + "actions", + "sources", + "rule_engine", + "schema_registry" + ], + "table_sets": [ + "banned", + "builtin_authn", + "builtin_authn_scram", + "builtin_authz" + ] + }, + "schema": { + "$ref": "#/components/schemas/emqx_mgmt_api_data_backup.export_request_body" + } + } } }, "security": [ 
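Review bot: The added `500` response declares `"enum": [ "BAD_REQUEST" ]` for its `code` field, identical to the `400` response just above it. A client or alerting rule that dispatches on `code` therefore cannot tell a rejected request from a server-side export failure. I would change it to the API's server-error code, `"enum": [ "<SERVER_ERROR_CODE>" ]` (placeholder; use whichever value the API already defines for 5xx). The request-body example also lists the `builtin_authn`, `builtin_authn_scram` and `builtin_authz` table sets, so it would help if the operation's description said that an export can contain authentication and authorization data and should be stored accordingly. The operation object continues past the end of the hunk.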
@@ -63470,82 +63715,82 @@ "lwm2m_client": { "value": { "recv_oct": 56, - "subscriptions_cnt": 0, - "mqueue_len": 0, "awaiting_rel_cnt": 0, - "recv_pkt": 1, - "recv_msg": 0, - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "mailbox_len": 0, - "mqueue_dropped": 0, - "inflight_cnt": 0, - "keepalive": 0, "endpoint_name": "urn:imei:154928475237123", - "connected_at": "2021-12-07T10:44:02.721+08:00", + "mqueue_max": "infinity", + "inflight_max": "infinity", + "subscriptions_max": "infinity", + "awaiting_rel_max": "infinity", + "keepalive": 0, "node": "emqx@127.0.0.1", + "subscriptions_cnt": 0, "send_cnt": 1, - "send_oct": 61, - "disconnected_at": null, - "expiry_interval": 0, - "heap_size": 4185, - "subscriptions_max": "infinity", - "port": 50675, + "mqueue_dropped": 0, "clean_start": true, + "mailbox_len": 0, + "disconnected_at": null, "proto_name": "LwM2M", - "awaiting_rel_max": "infinity", "proto_ver": "1.0", + "send_oct": 61, + "heap_size": 4185, + "mqueue_len": 0, + "username": "guest", + "recv_pkt": 1, "ip_address": "127.0.0.1", - "send_pkt": 1, + "port": 50675, + "recv_msg": 0, "created_at": "2021-12-07T10:44:02.721+08:00", - "lifetime": 86400, - "is_bridge": false, - "username": "guest", + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "inflight_cnt": 0, "send_msg": 0, + "lifetime": 86400, + "connected_at": "2021-12-07T10:44:02.721+08:00", + "expiry_interval": 0, "connected": true, - "mqueue_max": "infinity", "reductions": 72022, + "send_pkt": 1, "recv_cnt": 1, - "inflight_max": "infinity" + "is_bridge": false }, "summary": "LwM2M client info" }, "general_client": { "value": { "recv_oct": 56, - "subscriptions_cnt": 0, - "mqueue_len": 0, "awaiting_rel_cnt": 0, - "recv_pkt": 1, - "recv_msg": 0, - "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", - "mailbox_len": 0, - "mqueue_dropped": 0, - "inflight_cnt": 0, + "mqueue_max": "infinity", + "inflight_max": "infinity", + "subscriptions_max": "infinity", + 
"awaiting_rel_max": "infinity", "keepalive": 0, - "connected_at": "2021-12-07T10:44:02.721+08:00", "node": "emqx@127.0.0.1", + "subscriptions_cnt": 0, "send_cnt": 1, - "send_oct": 61, - "disconnected_at": null, - "expiry_interval": 0, - "heap_size": 4185, - "subscriptions_max": "infinity", - "port": 50675, + "mqueue_dropped": 0, "clean_start": true, + "mailbox_len": 0, + "disconnected_at": null, "proto_name": "STOMP", - "awaiting_rel_max": "infinity", "proto_ver": "1.0", + "send_oct": 61, + "heap_size": 4185, + "mqueue_len": 0, + "username": "guest", + "recv_pkt": 1, "ip_address": "127.0.0.1", - "send_pkt": 1, + "port": 50675, + "recv_msg": 0, "created_at": "2021-12-07T10:44:02.721+08:00", - "is_bridge": false, - "username": "guest", + "clientid": "MzAyMzEzNTUwNzk1NDA1MzYyMzIwNzUxNjQwMTY1NzQ0NjE", + "inflight_cnt": 0, "send_msg": 0, + "connected_at": "2021-12-07T10:44:02.721+08:00", + "expiry_interval": 0, "connected": true, - "mqueue_max": "infinity", "reductions": 72022, + "send_pkt": 1, "recv_cnt": 1, - "inflight_max": "infinity" + "is_bridge": false }, "summary": "General client info" } @@ -64476,6 +64721,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -64625,6 +64871,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -65171,6 +65418,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -65809,6 +66057,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -65958,6 +66207,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { 
@@ -66504,6 +66754,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -67133,6 +67384,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -67223,6 +67475,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -67543,6 +67796,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -68373,9 +68627,7 @@ "active_n": 100 }, "max_connections": 1024000, - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -68387,7 +68639,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -68415,10 +68669,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -68532,6 +68786,7 @@ "type": "dtls", "bind": "22214", "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -68545,7 +68800,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -68719,9 +68973,7 @@ "active_n": 100 }, "max_connections": 1024000, - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", 
@@ -68733,7 +68985,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -68761,10 +69015,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -68878,6 +69132,7 @@ "type": "dtls", "bind": "22214", "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -68891,7 +69146,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -69017,9 +69271,7 @@ "active_n": 100 }, "max_connections": 1024000, - "access_rules": [ - "allow all" - ], + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -69031,7 +69283,9 @@ ], "fail_if_no_peer_cert": false }, - "acceptors": 16, + "access_rules": [ + "allow all" + ], "max_conn_rate": 1000 }, "summary": "A simple DTLS listener example" @@ -69059,10 +69313,10 @@ ], "fail_if_no_peer_cert": false }, + "acceptors": 16, "access_rules": [ "allow all" ], - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A simple SSL listener example" @@ -69176,6 +69430,7 @@ "type": "dtls", "bind": "22214", "max_connections": 1024000, + "acceptors": 16, "dtls_options": { "cacertfile": "${EMQX_ETC_DIR}/certs/cacert.pem", "certfile": "${EMQX_ETC_DIR}/certs/cert.pem", @@ -69189,7 +69444,6 @@ "fail_if_no_peer_cert": false, "user_lookup_fun": "emqx_tls_psk:lookup" }, - "acceptors": 16, "max_conn_rate": 1000 }, "summary": "A DTLS listener with PSK example" @@ -70062,8 +70316,8 @@ } ], "resource_metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, 
@@ -70088,8 +70342,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -70627,10 +70881,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", @@ -70828,11 +71082,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -70875,11 +71129,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -70893,11 +71147,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", 
@@ -70923,11 +71177,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -70951,11 +71205,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -70976,11 +71230,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -71000,11 +71254,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -71057,11 +71311,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, 
@@ -71116,11 +71370,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" @@ -71140,8 +71394,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -71172,7 +71426,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -71184,7 +71437,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -71231,8 +71485,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -71273,11 +71527,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" 
@@ -71327,19 +71581,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " @@ -71360,11 +71614,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -71383,11 +71637,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, 
@@ -71420,20 +71674,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -71447,11 +71701,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -71470,11 +71724,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -71930,8 +72184,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -72210,8 +72464,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
@@ -73469,8 +73723,8 @@ } ], "resource_metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -73494,8 +73748,8 @@ { "node": "emqx@127.0.0.1", "metrics": { - "matched": 0, "success": 0, + "matched": 0, "failed": 0, "rate": 0, "rate_last5m": 0, @@ -74006,11 +74260,11 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], - "acceptors": 16, - "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -74081,11 +74335,11 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], - "acceptors": 16, - "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -74695,8 +74949,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -74935,8 +75189,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -75134,8 +75388,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -75411,8 +75665,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { 
@@ -75610,8 +75864,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -76498,9 +76752,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, { @@ -76597,12 +76851,12 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, { @@ -76620,11 +76874,11 @@ } ], "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, { @@ -76782,11 +77036,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -76846,8 +77100,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "node_status": [ @@ -76944,8 +77198,8 @@ } ], "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, { 
@@ -77048,12 +77302,12 @@ ], "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, { @@ -77176,11 +77430,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -77215,12 +77469,12 @@ ], "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, { @@ -77322,8 +77576,8 @@ } ], "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -77356,14 +77610,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "node_status": [ @@ -77411,11 +77665,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" 
@@ -77577,9 +77831,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -77685,12 +77939,12 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" @@ -77711,11 +77965,11 @@ } ], "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" @@ -77888,11 +78142,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -77961,8 +78215,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "node_status": [ @@ -78071,8 +78325,8 @@ } ], "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" 
@@ -78187,12 +78441,12 @@ ], "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -78333,11 +78587,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -78375,12 +78629,12 @@ ], "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -78494,8 +78748,8 @@ } ], "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -78534,14 +78788,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "node_status": [ 
@@ -78595,11 +78849,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -78758,9 +79012,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -78847,12 +79101,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" @@ -78868,11 +79122,11 @@ }, "connector": "my_connector", "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" @@ -79010,11 +79264,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" 
@@ -79068,8 +79322,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "resource_opts": { @@ -79148,8 +79402,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" @@ -79238,12 +79492,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -79342,11 +79596,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -79379,12 +79633,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -79472,8 +79726,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, 
@@ -79506,14 +79760,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "resource_opts": { @@ -79547,11 +79801,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -79759,7 +80013,7 @@ "schema": { "type": "string" }, - "example": "265CC0026343EB92" + "example": "368BB1A145C500E6" } ], "responses": { @@ -79844,7 +80098,7 @@ "schema": { "type": "string" }, - "example": "265CC0026343EB92" + "example": "368BB1A145C500E6" } ], "responses": { @@ -80373,13 +80627,13 @@ "nodes": [ "othernode@127.0.0.1" ], - "wait_health_check": "10s", - "wait_takeover": "10s", "conn_evict_rate": 10, "sess_evict_rate": 20, + "wait_takeover": "10s", + "wait_health_check": "10s", "rel_sess_threshold": 1.5, - "abs_sess_threshold": 10, "rel_conn_threshold": 1.5, + "abs_sess_threshold": 10, "abs_conn_threshold": 10 } }, @@ -80802,10 +81056,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", 
@@ -81024,11 +81278,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -81071,11 +81325,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -81089,11 +81343,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -81119,11 +81373,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" 
@@ -81147,11 +81401,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -81172,11 +81426,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -81196,11 +81450,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -81253,11 +81507,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -81312,11 +81566,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" 
@@ -81336,8 +81590,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -81368,7 +81622,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -81380,7 +81633,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -81427,8 +81681,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -81469,11 +81723,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -81523,19 +81777,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " 
@@ -81556,11 +81810,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -81586,11 +81840,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -81630,20 +81884,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -81657,11 +81911,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -81687,11 +81941,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -81900,10 +82154,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", @@ -82122,11 +82376,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -82169,11 +82423,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -82187,11 +82441,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -82217,11 +82471,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -82245,11 +82499,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -82270,11 +82524,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -82294,11 +82548,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, 
@@ -82351,11 +82605,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -82410,11 +82664,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" @@ -82434,8 +82688,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -82466,7 +82720,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -82478,7 +82731,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -82525,8 +82779,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { 
@@ -82567,11 +82821,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -82621,19 +82875,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " @@ -82654,11 +82908,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -82684,11 +82938,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, 
@@ -82728,20 +82982,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -82755,11 +83009,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -82785,11 +83039,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -82992,10 +83246,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", 
@@ -83189,11 +83443,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -83234,11 +83488,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -83252,11 +83506,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -83280,11 +83534,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" 
@@ -83308,11 +83562,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -83333,11 +83587,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -83357,11 +83611,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -83414,11 +83668,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -83473,11 +83727,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" 
@@ -83497,8 +83751,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -83529,7 +83783,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -83541,7 +83794,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -83584,8 +83838,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -83626,11 +83880,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -83680,19 +83934,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " 
@@ -83713,11 +83967,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -83736,11 +83990,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -83771,20 +84025,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -83798,11 +84052,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -83821,11 +84075,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -84369,11 +84623,11 @@ "nl": 0, "topic": "stomp/topic", "qos": 1, - "rap": 0, - "rh": 0, "sub_props": { "subid": "10" - } + }, + "rap": 0, + "rh": 0 }, "summary": "A STOMP subscription" } @@ -84450,11 +84704,11 @@ "nl": 0, "topic": "stomp/topic", "qos": 1, - "rap": 0, - "rh": 0, "sub_props": { "subid": "10" - } + }, + "rap": 0, + "rh": 0 }, "summary": "A STOMP subscription" } @@ -86622,8 +86876,8 @@ }, { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -86802,8 +87056,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -87008,8 +87262,8 @@ "password_based:redis": { "value": { "mechanism": "password_based", - "server": "127.0.0.1:6379", "cmd": "HMGET ${username} password_hash salt", + "server": "127.0.0.1:6379", "database": 0, "backend": "redis", "password_hash_algorithm": { @@ -87792,9 +88046,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" 
@@ -87881,12 +88135,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" @@ -87902,11 +88156,11 @@ }, "connector": "my_connector", "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" @@ -88044,11 +88298,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -88102,8 +88356,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "resource_opts": { @@ -88182,8 +88436,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" 
@@ -88272,12 +88526,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -88376,11 +88630,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -88413,12 +88667,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -88506,8 +88760,8 @@ }, "connector": "my_s3_connector", "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -88540,14 +88794,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "resource_opts": { 
@@ -88581,11 +88835,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -89479,7 +89733,7 @@ ] }, "post": { - "description": "Declare new durable queue.", + "description": "声明新持久队列。", "tags": [ "Durable Queues" ], @@ -89921,38 +90175,38 @@ "types": { "value": [ "http", - "rocketmq", "rabbitmq", "cassandra", - "influxdb", - "greptimedb", - "iotdb", + "rocketmq", + "sqlserver", "pulsar", + "syskeeper_forwarder", "hstreamdb", + "mongodb", + "greptimedb", + "kafka_producer", "confluent_producer", - "syskeeper_forwarder", "gcp_pubsub_producer", - "mongodb", + "influxdb", + "iotdb", "azure_event_hub_producer", - "kafka_producer", - "sqlserver", - "opents", "kinesis", - "datalayers", "s3", "redis", + "datalayers", + "opents", "mqtt", - "clickhouse", "snowflake", - "couchbase", - "azure_blob_storage", - "timescale", "tdengine", + "couchbase", "oracle", + "clickhouse", + "timescale", + "azure_blob_storage", "matrix", "elasticsearch", - "pgsql", "mysql", + "pgsql", "dynamo" ], "summary": "Action types" 
@@ -89964,38 +90218,38 @@ "type": "string", "enum": [ "http", - "rocketmq", "rabbitmq", "cassandra", - "influxdb", - "greptimedb", - "iotdb", + "rocketmq", + "sqlserver", "pulsar", + "syskeeper_forwarder", "hstreamdb", + "mongodb", + "greptimedb", + "kafka_producer", "confluent_producer", - "syskeeper_forwarder", "gcp_pubsub_producer", - "mongodb", + "influxdb", + "iotdb", "azure_event_hub_producer", - "kafka_producer", - "sqlserver", - "opents", "kinesis", - "datalayers", "s3", "redis", + "datalayers", + "opents", "mqtt", - "clickhouse", "snowflake", - "couchbase", - "azure_blob_storage", - "timescale", "tdengine", + "couchbase", "oracle", + "clickhouse", + "timescale", + "azure_blob_storage", "matrix", "elasticsearch", - "pgsql", "mysql", + "pgsql", "dynamo" ] } @@ -90675,7 +90929,7 @@ "schema": { "type": "string" }, - "example": "265CC0026343EB92" + "example": "368BB1A145C500E6" } ], "responses": { @@ -91402,7 +91656,7 @@ } }, "update_msg_publish_condition": "always", - "xml_dir": "/etc/emqx/lwm2m_xml" + "xml_dir": "etc/lwm2m_xml" }, "summary": "A simple LwM2M gateway config" }, @@ -91901,9 +92155,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -92009,12 +92263,12 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" @@ -92035,11 +92289,11 @@ } ], "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" 
@@ -92212,11 +92466,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -92285,8 +92539,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "node_status": [ @@ -92395,8 +92649,8 @@ } ], "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" @@ -92511,12 +92765,12 @@ ], "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -92657,11 +92911,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" 
@@ -92699,12 +92953,12 @@ ], "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -92818,8 +93072,8 @@ } ], "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -92858,14 +93112,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "node_status": [ @@ -92919,11 +93173,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -93117,9 +93371,9 @@ } ], "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" @@ -93225,12 +93479,12 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" 
@@ -93251,11 +93505,11 @@ } ], "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" @@ -93428,11 +93682,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -93501,8 +93755,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "node_status": [ @@ -93611,8 +93865,8 @@ } ], "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" @@ -93727,12 +93981,12 @@ ], "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -93873,11 +94127,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" 
@@ -93915,12 +94169,12 @@ ], "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -94034,8 +94288,8 @@ } ], "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -94074,14 +94328,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "node_status": [ @@ -94135,11 +94389,11 @@ ], "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -94300,6 +94554,28 @@ } } } + }, + "503": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "code": { + "type": "string", + "enum": [ + "SERVICE_UNAVAILABLE" + ] + }, + "message": { + "type": "string", + "description": "Service unavailable" + } + }, + "type": "object" + } + } + } } }, "summary": "Update bridge", @@ -94318,9 +94594,9 @@ }, "connector": "my_http_connector", "resource_opts": { - "worker_pool_size": 16, "query_mode": "async", - "health_check_interval": "15s" + "health_check_interval": "15s", + "worker_pool_size": 16 } }, "summary": "HTTP Action" 
@@ -94401,12 +94677,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "0ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Direct Upload Action" @@ -94420,11 +94696,11 @@ }, "connector": "my_connector", "resource_opts": { - "worker_pool_size": 16, - "query_mode": "sync", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Couchbase Action" @@ -94554,11 +94830,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -94606,8 +94882,8 @@ "payload_template": "${.payload}", "routing_key": "/", "wait_for_publish_confirmations": true, - "publish_confirmation_timeout": "30s", - "delivery_mode": "non_persistent" + "delivery_mode": "non_persistent", + "publish_confirmation_timeout": "30s" }, "connector": "rabbitmq_connector", "resource_opts": { @@ -94676,8 +94952,8 @@ "acl": "public_read" }, "resource_opts": { - "query_mode": "sync", - "inflight_window": 10 + "inflight_window": 10, + "query_mode": "sync" } }, "summary": "S3 Direct Upload" 
@@ -94758,12 +95034,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 10000, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "60s", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Snowflake Action" @@ -94852,11 +95128,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -94887,12 +95163,12 @@ "connector": "my_connector", "resource_opts": { "batch_size": 100, - "worker_pool_size": 16, - "query_mode": "sync", "batch_time": "10ms", "inflight_window": 100, "request_ttl": "45s", - "health_check_interval": "30s" + "query_mode": "sync", + "health_check_interval": "30s", + "worker_pool_size": 16 } }, "summary": "Azure Blob Storage Aggregated Upload Action" @@ -94970,8 +95246,8 @@ } }, "resource_opts": { - "query_mode": "async", "inflight_window": 100, + "query_mode": "async", "health_check_interval": "10s" } }, @@ -95000,14 +95276,14 @@ "enable": true, "parameters": { "payload_template": "${payload}", + "pubsub_topic": "mytopic", "attributes_template": [ { "value": "${payload.attrs.v}", "key": "${payload.attrs.k}" } ], - "ordering_key_template": "${payload.ok}", - "pubsub_topic": "mytopic" + "ordering_key_template": "${payload.ok}" }, "connector": "my_connector_name", "resource_opts": { 
@@ -95039,11 +95315,11 @@ "connector": "my_connector", "resource_opts": { "batch_size": 1, - "worker_pool_size": 16, "max_buffer_bytes": "256MB", "batch_time": "50ms", "inflight_window": 100, - "request_ttl": "45s" + "request_ttl": "45s", + "worker_pool_size": 16 }, "parameters": { "sql": "INSERT INTO client_events(clientid, event, created_at)VALUES (\n ${clientid},\n ${event},\n TO_TIMESTAMP((${timestamp} :: bigint))\n)" @@ -95730,8 +96006,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -96132,7 +96436,7 @@ { "in": "query", "name": "clientid", - "description": "Query the banned objects with an exact client ID.", + "description": "使用精确的客户端 ID 查询封禁规则。", "required": false, "schema": { "type": "string" @@ -96141,7 +96445,7 @@ { "in": "query", "name": "username", - "description": "Query the banned objects with an exact username.", + "description": "使用精确的用户名查询封禁规则。", "required": false, "schema": { "type": "string" @@ -96150,7 +96454,7 @@ { "in": "query", "name": "peerhost", - "description": "Query the banned objects with an exact IP address.", + "description": "使用精确的 IP 地址查询封禁规则。", "required": false, "schema": { "type": "string" 
@@ -96160,7 +96464,7 @@ { "in": "query", "name": "like_clientid", - "description": "Fuzzy query banned objects with a regular expression for client ID.", + "description": "使用客户端 ID 正则表达式来匹配查询封禁规则。", "required": false, "schema": { "type": "string" @@ -96169,7 +96473,7 @@ { "in": "query", "name": "like_username", - "description": "Fuzzy query banned objects with a regular expression for username.", + "description": "使用用户名正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" @@ -96178,7 +96482,7 @@ { "in": "query", "name": "like_peerhost", - "description": "Fuzzy query banned objects with a regular expression for IP address.", + "description": "使用 IP 地址正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" @@ -96188,7 +96492,7 @@ { "in": "query", "name": "like_peerhost_net", - "description": "Fuzzy query banned objects with a regular expression for CIDR.", + "description": "使用 CIDR 正则表达式来匹配查询被封禁规则。", "required": false, "schema": { "type": "string" @@ -96711,6 +97015,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -96845,6 +97150,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -97331,6 +97637,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -97892,6 +98199,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -98041,6 +98349,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { 
@@ -98587,6 +98896,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -99196,6 +99506,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -99303,6 +99614,7 @@ "enable": false }, "description": "My example datalayers connector", + "pool_size": 8, "server": "127.0.0.1:8361", "enable": true, "parameters": { @@ -99664,6 +99976,7 @@ "enable": false }, "description": "My example influxdb connector", + "pool_size": 8, "server": "127.0.0.1:8086", "enable": true, "parameters": { @@ -102713,7 +103026,7 @@ }, "/schema_registry_external": { "get": { - "description": "List external schema registries", + "description": "列出外部 schema registries", "tags": [ "Schema Registry" ], @@ -102770,7 +103083,7 @@ ] }, "post": { - "description": "Create external schema registry", + "description": "创建外部 schema registry", "tags": [ "Schema Registry" ], @@ -104216,11 +104529,11 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], - "acceptors": 16, - "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -104312,11 +104625,11 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], - "acceptors": 16, - "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", @@ -104409,11 +104722,11 @@ "active_n": 100 }, "max_connections": 204800, + "acceptors": 16, + "proxy_protocol": false, "access_rules": [ "allow all" ], - "acceptors": 16, - "proxy_protocol": false, "proxy_protocol_timeout": "3s", "zone": "default", "mountpoint": "/", 
@@ -105452,8 +105765,36 @@ } ], "responses": { - "204": { - "description": "Imported" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "properties": { + "total": { + "type": "integer", + "description": "Total number of users contained in the file." + }, + "success": { + "type": "integer" + }, + "override": { + "type": "integer", + "description": "Total number of users successfully imported as overrides." + }, + "skipped": { + "type": "integer", + "description": "Total number of users skipped because imported users are identical to existing users." + }, + "failed": { + "type": "integer", + "description": "Total number of users whose import failed." + } + }, + "type": "object" + } + } + } }, "400": { "description": "", @@ -105892,8 +106233,8 @@ "start_at": "2022-01-11", "expiry": false, "customer_type": 10, - "deployment": "bar-deployment", "customer": "Foo", + "deployment": "bar-deployment", "expiry_at": "2295-10-27" } } @@ -105936,8 +106277,8 @@ "start_at": "2022-01-11", "expiry": false, "customer_type": 10, - "deployment": "bar-deployment", "customer": "Foo", + "deployment": "bar-deployment", "expiry_at": "2295-10-27" } } @@ -106728,10 +107069,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", 
@@ -106935,11 +107276,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -106976,11 +107317,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -106991,11 +107332,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -107018,11 +107359,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" 
@@ -107043,11 +107384,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -107065,11 +107406,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -107086,11 +107427,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -107134,11 +107475,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -107184,11 +107525,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" 
@@ -107205,8 +107546,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -107231,7 +107572,6 @@ "influxdb_type": "influxdb_api_v1" }, { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -107243,7 +107583,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, { "name": "redis_bridge", @@ -107284,8 +107625,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -107323,11 +107664,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -107371,19 +107712,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " 
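Review bot: The ClickHouse example in the `@@ -107371,19 +107712,19 @@` hunk now shows `"url": "http://127.0.0.1:8123"` next to `username` and `password`, which is fine for loopback but is likely to be copied for remote servers, where the credentials would then be sent without TLS. Consider extending the example's summary or description text (not visible in this hunk) with a sentence such as `Use an https:// URL when the ClickHouse server is not on the local host.` The same example change appears in the `@@ -108422,19 +108763,19 @@` and `@@ -109471,19 +109812,19 @@` hunks.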
@@ -107401,11 +107742,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -107428,11 +107769,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -107469,20 +107810,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, { "name": "foo", @@ -107493,11 +107834,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -107520,11 +107861,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" } @@ -107701,10 +108042,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", @@ -107923,11 +108264,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -107970,11 +108311,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -107988,11 +108329,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -108018,11 +108359,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" @@ -108046,11 +108387,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -108071,11 +108412,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -108095,11 +108436,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, 
@@ -108152,11 +108493,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -108211,11 +108552,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" @@ -108235,8 +108576,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -108267,7 +108608,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -108279,7 +108619,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -108326,8 +108667,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { 
@@ -108368,11 +108709,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -108422,19 +108763,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " @@ -108455,11 +108796,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -108485,11 +108826,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, 
@@ -108529,20 +108870,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -108556,11 +108897,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -108586,11 +108927,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -108771,10 +109112,10 @@ "base_url": "http://iotdb.local:18080/", "pool_type": "random", "resource_opts": { - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "enable_pipelining": 100, "iotdb_version": "v1.1.x", 
@@ -108972,11 +109313,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -109019,11 +109360,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -109037,11 +109378,11 @@ "max_retries": 3, "aws_secret_access_key": "******", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "endpoint": "https://kinesis.us-east-1.amazonaws.com", "partition_key": "key", @@ -109067,11 +109408,11 @@ "request_timeout": "15s", "pool_type": "random", "resource_opts": { - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 104857600, "inflight_window": 100, - "health_check_interval": 15000 + "query_mode": "async", + "health_check_interval": 15000, + "worker_pool_size": 1 }, "enable_pipelining": 100, "local_topic": "emqx_http/#" 
@@ -109095,11 +109436,11 @@ "auto_reconnect": "2s", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "payload_template": "", "routing_key": "my_routing_key", @@ -109120,11 +109461,11 @@ "aws_secret_access_key": "******", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "aws_access_key_id": "root" @@ -109144,11 +109485,11 @@ "sql": "insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -109201,11 +109542,11 @@ "server": "http://127.0.0.1:4242", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "enabledb": true }, @@ -109260,11 +109601,11 @@ "sql": "insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "sid": "ORCL" 
@@ -109284,8 +109625,8 @@ "url": "http://127.0.0.1:6570", "resource_opts": { "batch_size": 100, - "query_mode": "sync", - "batch_time": "20ms" + "batch_time": "20ms", + "query_mode": "sync" }, "record_template": "{ \"temperature\": ${payload.temperature}, \"humidity\": ${payload.humidity} }" }, @@ -109316,7 +109657,6 @@ }, "gcp_pubsub": { "value": { - "pubsub_topic": "mytopic", "service_account_json": { "type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQI...", @@ -109328,7 +109668,8 @@ "private_key_id": "kid", "project_id": "myproject", "token_uri": "https://oauth2.googleapis.com/token" - } + }, + "pubsub_topic": "mytopic" }, "summary": "GCP PubSub Producer Bridge" }, @@ -109375,8 +109716,8 @@ "retry_interval": "15s", "max_inflight": 100, "resource_opts": { - "query_mode": "sync", "max_buffer_bytes": 104857600, + "query_mode": "sync", "health_check_interval": "15s" }, "ingress": { @@ -109417,11 +109758,11 @@ "servers": "127.0.0.1:9042", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "keyspace": "mqtt" @@ -109471,19 +109812,19 @@ "name": "foo", "type": "clickhouse", "pool_size": 8, - "server": "127.0.0.1:8123", "enable": true, "password": "******", + "url": "http://127.0.0.1:8123", "username": "default", "database": "mqtt", "sql": "INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#", "batch_value_separator": ", " 
@@ -109504,11 +109845,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, @@ -109527,11 +109868,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -109564,20 +109905,20 @@ { "qos": 1, "mqtt_topic": "mqtt/topic/${.offset}", - "kafka_topic": "kafka-topic-1", - "payload_template": "${.}" + "payload_template": "${.}", + "kafka_topic": "kafka-topic-1" }, { "qos": 2, "mqtt_topic": "mqtt/topic/2", - "kafka_topic": "kafka-topic-2", - "payload_template": "v = ${.value}" + "payload_template": "v = ${.value}", + "kafka_topic": "kafka-topic-2" } ], "bootstrap_hosts": "localhost:9092", + "metadata_request_timeout": "4s", "value_encoding_mode": "none", - "key_encoding_mode": "none", - "metadata_request_timeout": "4s" + "key_encoding_mode": "none" }, "summary": "Kafka Consumer Bridge" }, @@ -109591,11 +109932,11 @@ "topic": "TopicTest", "resource_opts": { "batch_size": 1, - "worker_pool_size": 1, - "query_mode": "sync", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "sync", + "health_check_interval": "15s", + "worker_pool_size": 1 }, "local_topic": "local/topic/#" }, 
@@ -109614,11 +109955,11 @@ "sql": "insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))", "resource_opts": { "batch_size": 1, - "worker_pool_size": 8, - "query_mode": "async", "max_buffer_bytes": 268435456, "batch_time": 0, - "health_check_interval": "15s" + "query_mode": "async", + "health_check_interval": "15s", + "worker_pool_size": 8 }, "local_topic": "local/topic/#" }, @@ -110556,7 +110897,7 @@ }, "/schema_registry_external/registry/{name}": { "get": { - "description": "Lookup external schema registry", + "description": "查询外部 schema registry", "tags": [ "Schema Registry" ], @@ -110564,7 +110905,7 @@ { "in": "path", "name": "name", - "description": "External registry name", + "description": "外部 registry 名称", "required": true, "schema": { "type": "string" @@ -110638,7 +110979,7 @@ ] }, "put": { - "description": "Update external schema registry", + "description": "更新外部 schema registry", "tags": [ "Schema Registry" ], @@ -110646,7 +110987,7 @@ { "in": "path", "name": "name", - "description": "External registry name", + "description": "外部 registry 名称", "required": true, "schema": { "type": "string" @@ -110739,7 +111080,7 @@ ] }, "delete": { - "description": "Delete external schema registry", + "description": "删除外部 schema registry", "tags": [ "Schema Registry" ], @@ -110747,7 +111088,7 @@ { "in": "path", "name": "name", - "description": "External registry name", + "description": "外部 registry 名称", "required": true, "schema": { "type": "string"