|
|
|
|
@ -0,0 +1,666 @@
|
|
|
|
|
# Config file for mosquitto |
|
|
|
|
# |
|
|
|
|
# See mosquitto.conf(5) for more information. |
|
|
|
|
# |
|
|
|
|
# Default values are shown, uncomment to change. |
|
|
|
|
# |
|
|
|
|
# Use the # character to indicate a comment, but only if it is the |
|
|
|
|
# very first character on the line. |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# General configuration |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# Time in seconds to wait before resending an outgoing QoS=1 or |
|
|
|
|
# QoS=2 message. |
|
|
|
|
#retry_interval 20 |
|
|
|
|
|
|
|
|
|
# Time in seconds between updates of the $SYS tree. |
|
|
|
|
# Set to 0 to disable the publishing of the $SYS tree. |
|
|
|
|
#sys_interval 10 |
|
|
|
|
|
|
|
|
|
# Time in seconds between cleaning the internal message store of |
|
|
|
|
# unreferenced messages. Lower values will result in lower memory |
|
|
|
|
# usage but more processor time, higher values will have the |
|
|
|
|
# opposite effect. |
|
|
|
|
# Setting a value of 0 means the unreferenced messages will be |
|
|
|
|
# disposed of as quickly as possible. |
|
|
|
|
#store_clean_interval 10 |
|
|
|
|
|
|
|
|
|
# Write process id to a file. Default is a blank string which means |
|
|
|
|
# a pid file shouldn't be written. |
|
|
|
|
# This should be set to /var/run/mosquitto.pid if mosquitto is |
|
|
|
|
# being run automatically on boot with an init script and |
|
|
|
|
# start-stop-daemon or similar. |
|
|
|
|
#pid_file |
|
|
|
|
|
|
|
|
|
# When run as root, drop privileges to this user and its primary |
|
|
|
|
# group. |
|
|
|
|
# Leave blank to stay as root, but this is not recommended. |
|
|
|
|
# If run as a non-root user, this setting has no effect. |
|
|
|
|
# Note that on Windows this has no effect and so mosquitto should |
|
|
|
|
# be started by the user you wish it to run as. |
|
|
|
|
#user mosquitto |
|
|
|
|
|
|
|
|
|
# The maximum number of QoS 1 and 2 messages currently inflight per |
|
|
|
|
# client. |
|
|
|
|
# This includes messages that are partway through handshakes and |
|
|
|
|
# those that are being retried. Defaults to 20. Set to 0 for no |
|
|
|
|
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1 |
|
|
|
|
# and 2 messages. |
|
|
|
|
#max_inflight_messages 20 |
|
|
|
|
|
|
|
|
|
# The maximum number of QoS 1 and 2 messages to hold in a queue |
|
|
|
|
# above those that are currently in-flight. Defaults to 100. Set |
|
|
|
|
# to 0 for no maximum (not recommended). |
|
|
|
|
# See also queue_qos0_messages. |
|
|
|
|
#max_queued_messages 100 |
|
|
|
|
|
|
|
|
|
# Set to true to queue messages with QoS 0 when a persistent client is |
|
|
|
|
# disconnected. These messages are included in the limit imposed by |
|
|
|
|
# max_queued_messages. |
|
|
|
|
# Defaults to false. |
|
|
|
|
# This is a non-standard option for the MQTT v3.1 spec but is allowed in |
|
|
|
|
# v3.1.1. |
|
|
|
|
#queue_qos0_messages false |
|
|
|
|
|
|
|
|
|
# This option sets the maximum publish payload size that the broker will allow. |
|
|
|
|
# Received messages that exceed this size will not be accepted by the broker. |
|
|
|
|
# The default value is 0, which means that all valid MQTT messages are |
|
|
|
|
# accepted. MQTT imposes a maximum payload size of 268435455 bytes. |
|
|
|
|
#message_size_limit 0 |
|
|
|
|
|
|
|
|
|
# This option controls whether a client is allowed to connect with a zero |
|
|
|
|
# length client id or not. This option only affects clients using MQTT v3.1.1 |
|
|
|
|
# and later. If set to false, clients connecting with a zero length client id |
|
|
|
|
# are disconnected. If set to true, clients will be allocated a client id by |
|
|
|
|
# the broker. This means it is only useful for clients with clean session set |
|
|
|
|
# to true. |
|
|
|
|
#allow_zero_length_clientid true |
|
|
|
|
|
|
|
|
|
# If allow_zero_length_clientid is true, this option allows you to set a prefix |
|
|
|
|
# to automatically generated client ids to aid visibility in logs. |
|
|
|
|
#auto_id_prefix |
|
|
|
|
|
|
|
|
|
# This option allows persistent clients (those with clean session set to false) |
|
|
|
|
# to be removed if they do not reconnect within a certain time frame. |
|
|
|
|
# |
|
|
|
|
# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1. |
|
|
|
|
# |
|
|
|
|
# Badly designed clients may set clean session to false whilst using a randomly |
|
|
|
|
# generated client id. This leads to persistent clients that will never |
|
|
|
|
# reconnect. This option allows these clients to be removed. |
|
|
|
|
# |
|
|
|
|
# The expiration period should be an integer followed by one of d w m y for |
|
|
|
|
# day, week, month and year respectively. For example |
|
|
|
|
# |
|
|
|
|
# persistent_client_expiration 2m |
|
|
|
|
# persistent_client_expiration 14d |
|
|
|
|
# persistent_client_expiration 1y |
|
|
|
|
# |
|
|
|
|
# The default if not set is to never expire persistent clients. |
|
|
|
|
#persistent_client_expiration |
|
|
|
|
|
|
|
|
|
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# |
|
|
|
|
# and foo/+/baz , then MQTT expects that when the broker receives a message on |
|
|
|
|
# a topic that matches both subscriptions, such as foo/bar/baz, then the client |
|
|
|
|
# should only receive the message once. |
|
|
|
|
# Mosquitto keeps track of which clients a message has been sent to in order to |
|
|
|
|
# meet this requirement. The allow_duplicate_messages option allows this |
|
|
|
|
# behaviour to be disabled, which may be useful if you have a large number of |
|
|
|
|
# clients subscribed to the same set of topics and are very concerned about |
|
|
|
|
# minimising memory usage. |
|
|
|
|
# It can be safely set to true if you know in advance that your clients will |
|
|
|
|
# never have overlapping subscriptions, otherwise your clients must be able to |
|
|
|
|
# correctly deal with duplicate messages even when then have QoS=2. |
|
|
|
|
#allow_duplicate_messages false |
|
|
|
|
|
|
|
|
|
# The MQTT specification requires that the QoS of a message delivered to a |
|
|
|
|
# subscriber is never upgraded to match the QoS of the subscription. Enabling |
|
|
|
|
# this option changes this behaviour. If upgrade_outgoing_qos is set true, |
|
|
|
|
# messages sent to a subscriber will always match the QoS of its subscription. |
|
|
|
|
# This is a non-standard option explicitly disallowed by the spec. |
|
|
|
|
#upgrade_outgoing_qos false |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Default listener |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# IP address/hostname to bind the default listener to. If not |
|
|
|
|
# given, the default listener will not be bound to a specific |
|
|
|
|
# address and so will be accessible to all network interfaces. |
|
|
|
|
# bind_address ip-address/host name |
|
|
|
|
#bind_address |
|
|
|
|
|
|
|
|
|
# Port to use for the default listener. |
|
|
|
|
port 8883 |
|
|
|
|
|
|
|
|
|
# The maximum number of client connections to allow. This is |
|
|
|
|
# a per listener setting. |
|
|
|
|
# Default is -1, which means unlimited connections. |
|
|
|
|
# Note that other process limits mean that unlimited connections |
|
|
|
|
# are not really possible. Typically the default maximum number of |
|
|
|
|
# connections possible is around 1024. |
|
|
|
|
#max_connections -1 |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Certificate based SSL/TLS support |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# The following options can be used to enable SSL/TLS support for |
|
|
|
|
# this listener. Note that the recommended port for MQTT over TLS |
|
|
|
|
# is 8883, but this must be set manually. |
|
|
|
|
# |
|
|
|
|
# See also the mosquitto-tls man page. |
|
|
|
|
|
|
|
|
|
# At least one of cafile or capath must be defined. They both |
|
|
|
|
# define methods of accessing the PEM encoded Certificate |
|
|
|
|
# Authority certificates that have signed your server certificate |
|
|
|
|
# and that you wish to trust. |
|
|
|
|
# cafile defines the path to a file containing the CA certificates. |
|
|
|
|
# capath defines a directory that will be searched for files |
|
|
|
|
# containing the CA certificates. For capath to work correctly, the |
|
|
|
|
# certificate files must have ".crt" as the file ending and you must run |
|
|
|
|
# "c_rehash <path to capath>" each time you add/remove a certificate. |
|
|
|
|
cafile /mosquitto/config/ssl/ca.crt |
|
|
|
|
#capath |
|
|
|
|
|
|
|
|
|
# Path to the PEM encoded server certificate. |
|
|
|
|
certfile /mosquitto/config/ssl/server.crt |
|
|
|
|
|
|
|
|
|
# Path to the PEM encoded keyfile. |
|
|
|
|
keyfile /mosquitto/config/ssl/server.key |
|
|
|
|
|
|
|
|
|
# This option defines the version of the TLS protocol to use for this listener. |
|
|
|
|
# The default value will always be the highest version that is available for |
|
|
|
|
# the version of openssl that the broker was compiled against. For openssl >= |
|
|
|
|
# 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the |
|
|
|
|
# valid values are tlsv1. |
|
|
|
|
#tls_version |
|
|
|
|
|
|
|
|
|
# By default a TLS enabled listener will operate in a similar fashion to a |
|
|
|
|
# https enabled web server, in that the server has a certificate signed by a CA |
|
|
|
|
# and the client will verify that it is a trusted certificate. The overall aim |
|
|
|
|
# is encryption of the network traffic. By setting require_certificate to true, |
|
|
|
|
# the client must provide a valid certificate in order for the network |
|
|
|
|
# connection to proceed. This allows access to the broker to be controlled |
|
|
|
|
# outside of the mechanisms provided by MQTT. |
|
|
|
|
#require_certificate false |
|
|
|
|
|
|
|
|
|
# If require_certificate is true, you may set use_identity_as_username to true |
|
|
|
|
# to use the CN value from the client certificate as a username. If this is |
|
|
|
|
# true, the password_file option will not be used for this listener. |
|
|
|
|
#use_identity_as_username false |
|
|
|
|
|
|
|
|
|
# If you have require_certificate set to true, you can create a certificate |
|
|
|
|
# revocation list file to revoke access to particular client certificates. If |
|
|
|
|
# you have done this, use crlfile to point to the PEM encoded revocation file. |
|
|
|
|
#crlfile |
|
|
|
|
|
|
|
|
|
# If you wish to control which encryption ciphers are used, use the ciphers |
|
|
|
|
# option. The list of available ciphers can be optained using the "openssl |
|
|
|
|
# ciphers" command and should be provided in the same format as the output of |
|
|
|
|
# that command. |
|
|
|
|
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH |
|
|
|
|
#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Pre-shared-key based SSL/TLS support |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# The following options can be used to enable PSK based SSL/TLS support for |
|
|
|
|
# this listener. Note that the recommended port for MQTT over TLS is 8883, but |
|
|
|
|
# this must be set manually. |
|
|
|
|
# |
|
|
|
|
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS |
|
|
|
|
# support" section. Only one of certificate or PSK encryption support can be |
|
|
|
|
# enabled for any listener. |
|
|
|
|
|
|
|
|
|
# The psk_hint option enables pre-shared-key support for this listener and also |
|
|
|
|
# acts as an identifier for this listener. The hint is sent to clients and may |
|
|
|
|
# be used locally to aid authentication. The hint is a free form string that |
|
|
|
|
# doesn't have much meaning in itself, so feel free to be creative. |
|
|
|
|
# If this option is provided, see psk_file to define the pre-shared keys to be |
|
|
|
|
# used or create a security plugin to handle them. |
|
|
|
|
#psk_hint |
|
|
|
|
|
|
|
|
|
# Set use_identity_as_username to have the psk identity sent by the client used |
|
|
|
|
# as its username. Authentication will be carried out using the PSK rather than |
|
|
|
|
# the MQTT username/password and so password_file will not be used for this |
|
|
|
|
# listener. |
|
|
|
|
#use_identity_as_username false |
|
|
|
|
|
|
|
|
|
# When using PSK, the encryption ciphers used will be chosen from the list of |
|
|
|
|
# available PSK ciphers. If you want to control which ciphers are available, |
|
|
|
|
# use the "ciphers" option. The list of available ciphers can be optained |
|
|
|
|
# using the "openssl ciphers" command and should be provided in the same format |
|
|
|
|
# as the output of that command. |
|
|
|
|
#ciphers |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Extra listeners |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# Listen on a port/ip address combination. By using this variable |
|
|
|
|
# multiple times, mosquitto can listen on more than one port. If |
|
|
|
|
# this variable is used and neither bind_address nor port given, |
|
|
|
|
# then the default listener will not be started. |
|
|
|
|
# The port number to listen on must be given. Optionally, an ip |
|
|
|
|
# address or host name may be supplied as a second argument. In |
|
|
|
|
# this case, mosquitto will attempt to bind the listener to that |
|
|
|
|
# address and so restrict access to the associated network and |
|
|
|
|
# interface. By default, mosquitto will listen on all interfaces. |
|
|
|
|
# listener port-number [ip address/host name] |
|
|
|
|
#listener |
|
|
|
|
|
|
|
|
|
# The maximum number of client connections to allow. This is |
|
|
|
|
# a per listener setting. |
|
|
|
|
# Default is -1, which means unlimited connections. |
|
|
|
|
# Note that other process limits mean that unlimited connections |
|
|
|
|
# are not really possible. Typically the default maximum number of |
|
|
|
|
# connections possible is around 1024. |
|
|
|
|
#max_connections -1 |
|
|
|
|
|
|
|
|
|
# The listener can be restricted to operating within a topic hierarchy using |
|
|
|
|
# the mount_point option. This is achieved be prefixing the mount_point string |
|
|
|
|
# to all topics for any clients connected to this listener. This prefixing only |
|
|
|
|
# happens internally to the broker; the client will not see the prefix. |
|
|
|
|
#mount_point |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Persistence |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# If persistence is enabled, save the in-memory database to disk |
|
|
|
|
# every autosave_interval seconds. If set to 0, the persistence |
|
|
|
|
# database will only be written when mosquitto exits. See also |
|
|
|
|
# autosave_on_changes. |
|
|
|
|
# Note that writing of the persistence database can be forced by |
|
|
|
|
# sending mosquitto a SIGUSR1 signal. |
|
|
|
|
autosave_interval 1800 |
|
|
|
|
|
|
|
|
|
# If true, mosquitto will count the number of subscription changes, retained |
|
|
|
|
# messages received and queued messages and if the total exceeds |
|
|
|
|
# autosave_interval then the in-memory database will be saved to disk. |
|
|
|
|
# If false, mosquitto will save the in-memory database to disk by treating |
|
|
|
|
# autosave_interval as a time in seconds. |
|
|
|
|
#autosave_on_changes false |
|
|
|
|
|
|
|
|
|
# Save persistent message data to disk (true/false). |
|
|
|
|
# This saves information about all messages, including |
|
|
|
|
# subscriptions, currently in-flight messages and retained |
|
|
|
|
# messages. |
|
|
|
|
# retained_persistence is a synonym for this option. |
|
|
|
|
persistence true |
|
|
|
|
|
|
|
|
|
# The filename to use for the persistent database, not including |
|
|
|
|
# the path. |
|
|
|
|
persistence_file mosquitto.db |
|
|
|
|
|
|
|
|
|
# Location for persistent database. Must include trailing / |
|
|
|
|
# Default is an empty string (current directory). |
|
|
|
|
# Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or |
|
|
|
|
# similar. |
|
|
|
|
persistence_location /mosquitto/data/ |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Logging |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# Places to log to. Use multiple log_dest lines for multiple |
|
|
|
|
# logging destinations. |
|
|
|
|
# Possible destinations are: stdout stderr syslog topic file |
|
|
|
|
# |
|
|
|
|
# stdout and stderr log to the console on the named output. |
|
|
|
|
# |
|
|
|
|
# syslog uses the userspace syslog facility which usually ends up |
|
|
|
|
# in /var/log/messages or similar. |
|
|
|
|
# |
|
|
|
|
# topic logs to the broker topic '$SYS/broker/log/<severity>', |
|
|
|
|
# where severity is one of D, E, W, N, I, M which are debug, error, |
|
|
|
|
# warning, notice, information and message. Message type severity is used by |
|
|
|
|
# the subscribe/unsubscribe log_types and publishes log messages to |
|
|
|
|
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. |
|
|
|
|
# |
|
|
|
|
# The file destination requires an additional parameter which is the file to be |
|
|
|
|
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be |
|
|
|
|
# closed and reopened when the broker receives a HUP signal. Only a single file |
|
|
|
|
# destination may be configured. |
|
|
|
|
# |
|
|
|
|
# Note that if the broker is running as a Windows service it will default to |
|
|
|
|
# "log_dest none" and neither stdout nor stderr logging is available. |
|
|
|
|
# Use "log_dest none" if you wish to disable logging. |
|
|
|
|
#log_dest stderr |
|
|
|
|
|
|
|
|
|
# Types of messages to log. Use multiple log_type lines for logging |
|
|
|
|
# multiple types of messages. |
|
|
|
|
# Possible types are: debug, error, warning, notice, information, |
|
|
|
|
# none, subscribe, unsubscribe, all. |
|
|
|
|
# Note that debug type messages are for decoding the incoming/outgoing |
|
|
|
|
# network packets. They are not logged in "topics". |
|
|
|
|
#log_type error |
|
|
|
|
#log_type warning |
|
|
|
|
#log_type notice |
|
|
|
|
#log_type information |
|
|
|
|
|
|
|
|
|
# If set to true, client connection and disconnection messages will be included |
|
|
|
|
# in the log. |
|
|
|
|
#connection_messages true |
|
|
|
|
|
|
|
|
|
# If set to true, add a timestamp value to each log message. |
|
|
|
|
#log_timestamp true |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Security |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# If set, only clients that have a matching prefix on their |
|
|
|
|
# clientid will be allowed to connect to the broker. By default, |
|
|
|
|
# all clients may connect. |
|
|
|
|
# For example, setting "secure-" here would mean a client "secure- |
|
|
|
|
# client" could connect but another with clientid "mqtt" couldn't. |
|
|
|
|
#clientid_prefixes |
|
|
|
|
|
|
|
|
|
# Boolean value that determines whether clients that connect |
|
|
|
|
# without providing a username are allowed to connect. If set to |
|
|
|
|
# false then a password file should be created (see the |
|
|
|
|
# password_file option) to control authenticated client access. |
|
|
|
|
# Defaults to true. |
|
|
|
|
allow_anonymous false |
|
|
|
|
|
|
|
|
|
# In addition to the clientid_prefixes, allow_anonymous and TLS |
|
|
|
|
# authentication options, username based authentication is also |
|
|
|
|
# possible. The default support is described in "Default |
|
|
|
|
# authentication and topic access control" below. The auth_plugin |
|
|
|
|
# allows another authentication method to be used. |
|
|
|
|
# Specify the path to the loadable plugin and see the |
|
|
|
|
# "Authentication and topic access plugin options" section below. |
|
|
|
|
#auth_plugin |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Default authentication and topic access control |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
|
|
|
|
|
# Control access to the broker using a password file. This file can be |
|
|
|
|
# generated using the mosquitto_passwd utility. If TLS support is not compiled |
|
|
|
|
# into mosquitto (it is recommended that TLS support should be included) then |
|
|
|
|
# plain text passwords are used, in which case the file should be a text file |
|
|
|
|
# with lines in the format: |
|
|
|
|
# username:password |
|
|
|
|
# The password (and colon) may be omitted if desired, although this |
|
|
|
|
# offers very little in the way of security. |
|
|
|
|
# |
|
|
|
|
# See the TLS client require_certificate and use_identity_as_username options |
|
|
|
|
# for alternative authentication options. |
|
|
|
|
password_file /mosquitto/config/passwd.db |
|
|
|
|
|
|
|
|
|
# Access may also be controlled using a pre-shared-key file. This requires |
|
|
|
|
# TLS-PSK support and a listener configured to use it. The file should be text |
|
|
|
|
# lines in the format: |
|
|
|
|
# identity:key |
|
|
|
|
# The key should be in hexadecimal format without a leading "0x". |
|
|
|
|
#psk_file |
|
|
|
|
|
|
|
|
|
# Control access to topics on the broker using an access control list |
|
|
|
|
# file. If this parameter is defined then only the topics listed will |
|
|
|
|
# have access. |
|
|
|
|
# If the first character of a line of the ACL file is a # it is treated as a |
|
|
|
|
# comment. |
|
|
|
|
# Topic access is added with lines of the format: |
|
|
|
|
# |
|
|
|
|
# topic [read|write] <topic> |
|
|
|
|
# |
|
|
|
|
# The access type is controlled using "read" or "write". This parameter |
|
|
|
|
# is optional - if not given then the access is read/write. |
|
|
|
|
# <topic> can contain the + or # wildcards as in subscriptions. |
|
|
|
|
# |
|
|
|
|
# The first set of topics are applied to anonymous clients, assuming |
|
|
|
|
# allow_anonymous is true. User specific topic ACLs are added after a |
|
|
|
|
# user line as follows: |
|
|
|
|
# |
|
|
|
|
# user <username> |
|
|
|
|
# |
|
|
|
|
# The username referred to here is the same as in password_file. It is |
|
|
|
|
# not the clientid. |
|
|
|
|
# |
|
|
|
|
# |
|
|
|
|
# If is also possible to define ACLs based on pattern substitution within the |
|
|
|
|
# topic. The patterns available for substition are: |
|
|
|
|
# |
|
|
|
|
# %c to match the client id of the client |
|
|
|
|
# %u to match the username of the client |
|
|
|
|
# |
|
|
|
|
# The substitution pattern must be the only text for that level of hierarchy. |
|
|
|
|
# |
|
|
|
|
# The form is the same as for the topic keyword, but using pattern as the |
|
|
|
|
# keyword. |
|
|
|
|
# Pattern ACLs apply to all users even if the "user" keyword has previously |
|
|
|
|
# been given. |
|
|
|
|
# |
|
|
|
|
# If using bridges with usernames and ACLs, connection messages can be allowed |
|
|
|
|
# with the following pattern: |
|
|
|
|
# pattern write $SYS/broker/connection/%c/state |
|
|
|
|
# |
|
|
|
|
# pattern [read|write] <topic> |
|
|
|
|
# |
|
|
|
|
# Example: |
|
|
|
|
# |
|
|
|
|
# pattern write sensor/%u/data |
|
|
|
|
# |
|
|
|
|
#acl_file |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Authentication and topic access plugin options |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
|
|
|
|
|
# If the auth_plugin option above is used, define options to pass to the |
|
|
|
|
# plugin here as described by the plugin instructions. All options named |
|
|
|
|
# using the format auth_opt_* will be passed to the plugin, for example: |
|
|
|
|
# |
|
|
|
|
# auth_opt_db_host |
|
|
|
|
# auth_opt_db_port |
|
|
|
|
# auth_opt_db_username |
|
|
|
|
# auth_opt_db_password |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Bridges |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# A bridge is a way of connecting multiple MQTT brokers together. |
|
|
|
|
# Create a new bridge using the "connection" option as described below. Set |
|
|
|
|
# options for the bridges using the remaining parameters. You must specify the |
|
|
|
|
# address and at least one topic to subscribe to. |
|
|
|
|
# Each connection must have a unique name. |
|
|
|
|
# The address line may have multiple host address and ports specified. See |
|
|
|
|
# below in the round_robin description for more details on bridge behaviour if |
|
|
|
|
# multiple addresses are used. |
|
|
|
|
# The direction that the topic will be shared can be chosen by |
|
|
|
|
# specifying out, in or both, where the default value is out. |
|
|
|
|
# The QoS level of the bridged communication can be specified with the next |
|
|
|
|
# topic option. The default QoS level is 0, to change the QoS the topic |
|
|
|
|
# direction must also be given. |
|
|
|
|
# The local and remote prefix options allow a topic to be remapped when it is |
|
|
|
|
# bridged to/from the remote broker. This provides the ability to place a topic |
|
|
|
|
# tree in an appropriate location. |
|
|
|
|
# For more details see the mosquitto.conf man page. |
|
|
|
|
# Multiple topics can be specified per connection, but be careful |
|
|
|
|
# not to create any loops. |
|
|
|
|
# If you are using bridges with cleansession set to false (the default), then |
|
|
|
|
# you may get unexpected behaviour from incoming topics if you change what |
|
|
|
|
# topics you are subscribing to. This is because the remote broker keeps the |
|
|
|
|
# subscription for the old topic. If you have this problem, connect your bridge |
|
|
|
|
# with cleansession set to true, then reconnect with cleansession set to false |
|
|
|
|
# as normal. |
|
|
|
|
#connection <name> |
|
|
|
|
#address <host>[:<port>] [<host>[:<port>]] |
|
|
|
|
#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix] |
|
|
|
|
|
|
|
|
|
# If the bridge has more than one address given in the address/addresses |
|
|
|
|
# configuration, the round_robin option defines the behaviour of the bridge on |
|
|
|
|
# a failure of the bridge connection. If round_robin is false, the default |
|
|
|
|
# value, then the first address is treated as the main bridge connection. If |
|
|
|
|
# the connection fails, the other secondary addresses will be attempted in |
|
|
|
|
# turn. Whilst connected to a secondary bridge, the bridge will periodically |
|
|
|
|
# attempt to reconnect to the main bridge until successful. |
|
|
|
|
# If round_robin is true, then all addresses are treated as equals. If a |
|
|
|
|
# connection fails, the next address will be tried and if successful will |
|
|
|
|
# remain connected until it fails |
|
|
|
|
#round_robin false |
|
|
|
|
|
|
|
|
|
# Set the client id for this bridge connection. If not defined, |
|
|
|
|
# this defaults to 'name.hostname' where name is the connection |
|
|
|
|
# name and hostname is the hostname of this computer. |
|
|
|
|
#clientid |
|
|
|
|
|
|
|
|
|
# Set the clean session variable for this bridge. |
|
|
|
|
# When set to true, when the bridge disconnects for any reason, all |
|
|
|
|
# messages and subscriptions will be cleaned up on the remote |
|
|
|
|
# broker. Note that with cleansession set to true, there may be a |
|
|
|
|
# significant amount of retained messages sent when the bridge |
|
|
|
|
# reconnects after losing its connection. |
|
|
|
|
# When set to false, the subscriptions and messages are kept on the |
|
|
|
|
# remote broker, and delivered when the bridge reconnects. |
|
|
|
|
#cleansession false |
|
|
|
|
|
|
|
|
|
# If set to true, publish notification messages to the local and remote brokers |
|
|
|
|
# giving information about the state of the bridge connection. Retained |
|
|
|
|
# messages are published to the topic $SYS/broker/connection/<clientid>/state |
|
|
|
|
# unless the notification_topic option is used. |
|
|
|
|
# If the message is 1 then the connection is active, or 0 if the connection has |
|
|
|
|
# failed. |
|
|
|
|
#notifications true |
|
|
|
|
|
|
|
|
|
# Choose the topic on which notification messages for this bridge are |
|
|
|
|
# published. If not set, messages are published on the topic |
|
|
|
|
# $SYS/broker/connection/<clientid>/state |
|
|
|
|
#notification_topic |
|
|
|
|
|
|
|
|
|
# Set the keepalive interval for this bridge connection, in |
|
|
|
|
# seconds. |
|
|
|
|
#keepalive_interval 60 |
|
|
|
|
|
|
|
|
|
# Set the start type of the bridge. This controls how the bridge starts and |
|
|
|
|
# can be one of three types: automatic, lazy and once. Note that RSMB provides |
|
|
|
|
# a fourth start type "manual" which isn't currently supported by mosquitto. |
|
|
|
|
# |
|
|
|
|
# "automatic" is the default start type and means that the bridge connection |
|
|
|
|
# will be started automatically when the broker starts and also restarted |
|
|
|
|
# after a short delay (30 seconds) if the connection fails. |
|
|
|
|
# |
|
|
|
|
# Bridges using the "lazy" start type will be started automatically when the |
|
|
|
|
# number of queued messages exceeds the number set with the "threshold" |
|
|
|
|
# parameter. It will be stopped automatically after the time set by the |
|
|
|
|
# "idle_timeout" parameter. Use this start type if you wish the connection to |
|
|
|
|
# only be active when it is needed. |
|
|
|
|
# |
|
|
|
|
# A bridge using the "once" start type will be started automatically when the |
|
|
|
|
# broker starts but will not be restarted if the connection fails. |
|
|
|
|
#start_type automatic |
|
|
|
|
|
|
|
|
|
# Set the amount of time a bridge using the automatic start type will wait |
|
|
|
|
# until attempting to reconnect. Defaults to 30 seconds. |
|
|
|
|
#restart_timeout 30 |
|
|
|
|
|
|
|
|
|
# Set the amount of time a bridge using the lazy start type must be idle before |
|
|
|
|
# it will be stopped. Defaults to 60 seconds. |
|
|
|
|
#idle_timeout 60 |
|
|
|
|
|
|
|
|
|
# Set the number of messages that need to be queued for a bridge with lazy |
|
|
|
|
# start type to be restarted. Defaults to 10 messages. |
|
|
|
|
# Must be less than max_queued_messages. |
|
|
|
|
#threshold 10 |
|
|
|
|
|
|
|
|
|
# If try_private is set to true, the bridge will attempt to indicate to the |
|
|
|
|
# remote broker that it is a bridge not an ordinary client. If successful, this |
|
|
|
|
# means that loop detection will be more effective and that retained messages |
|
|
|
|
# will be propagated correctly. Not all brokers support this feature so it may |
|
|
|
|
# be necessary to set try_private to false if your bridge does not connect |
|
|
|
|
# properly. |
|
|
|
|
#try_private true |
|
|
|
|
|
|
|
|
|
# Set the username to use when connecting to an MQTT v3.1 broker |
|
|
|
|
# that requires authentication. |
|
|
|
|
#username |
|
|
|
|
|
|
|
|
|
# Set the password to use when connecting to an MQTT v3.1 broker |
|
|
|
|
# that requires authentication. This option is only used if |
|
|
|
|
# username is also set. |
|
|
|
|
#password |
|
|
|
|
|
|
|
|
|
# Set the username to use on the local broker. |
|
|
|
|
#local_username |
|
|
|
|
|
|
|
|
|
# Set the password to use on the local broker. |
|
|
|
|
# This option is only used if local_username is also set. |
|
|
|
|
#local_password |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Certificate based SSL/TLS support |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Either bridge_cafile or bridge_capath must be defined to enable TLS support |
|
|
|
|
# for this bridge. |
|
|
|
|
# bridge_cafile defines the path to a file containing the |
|
|
|
|
# Certificate Authority certificates that have signed the remote broker |
|
|
|
|
# certificate. |
|
|
|
|
# bridge_capath defines a directory that will be searched for files containing |
|
|
|
|
# the CA certificates. For bridge_capath to work correctly, the certificate |
|
|
|
|
# files must have ".crt" as the file ending and you must run "c_rehash <path to |
|
|
|
|
# capath>" each time you add/remove a certificate. |
|
|
|
|
#bridge_cafile |
|
|
|
|
#bridge_capath |
|
|
|
|
|
|
|
|
|
# Path to the PEM encoded client certificate, if required by the remote broker. |
|
|
|
|
#bridge_certfile |
|
|
|
|
|
|
|
|
|
# Path to the PEM encoded client private key, if required by the remote broker. |
|
|
|
|
#bridge_keyfile |
|
|
|
|
|
|
|
|
|
# When using certificate based encryption, bridge_insecure disables |
|
|
|
|
# verification of the server hostname in the server certificate. This can be |
|
|
|
|
# useful when testing initial server configurations, but makes it possible for |
|
|
|
|
# a malicious third party to impersonate your server through DNS spoofing, for |
|
|
|
|
# example. Use this option in testing only. If you need to resort to using this |
|
|
|
|
# option in a production environment, your setup is at fault and there is no |
|
|
|
|
# point using encryption. |
|
|
|
|
#bridge_insecure false |
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# PSK based SSL/TLS support |
|
|
|
|
# ----------------------------------------------------------------- |
|
|
|
|
# Pre-shared-key encryption provides an alternative to certificate based |
|
|
|
|
# encryption. A bridge can be configured to use PSK with the bridge_identity |
|
|
|
|
# and bridge_psk options. These are the client PSK identity, and pre-shared-key |
|
|
|
|
# in hexadecimal format with no "0x". Only one of certificate and PSK based |
|
|
|
|
# encryption can be used on one |
|
|
|
|
# bridge at once. |
|
|
|
|
#bridge_identity |
|
|
|
|
#bridge_psk |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# External config files |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
# External configuration files may be included by using the |
|
|
|
|
# include_dir option. This defines a directory that will be searched |
|
|
|
|
# for config files. All files that end in '.conf' will be loaded as |
|
|
|
|
# a configuration file. It is best to have this as the last option |
|
|
|
|
# in the main file. This option will only be processed from the main |
|
|
|
|
# configuration file. The directory specified must not contain the |
|
|
|
|
# main configuration file. |
|
|
|
|
#include_dir |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# Unsupported rsmb options - for the future |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
#addresses |
|
|
|
|
#round_robin |
|
|
|
|
|
|
|
|
|
# ================================================================= |
|
|
|
|
# rsmb options - unlikely to ever be supported |
|
|
|
|
# ================================================================= |
|
|
|
|
|
|
|
|
|
#ffdc_output |
|
|
|
|
#max_log_entries |
|
|
|
|
#trace_level |
|
|
|
|
#trace_output |
