##===================================================================
## EMQ Configuration R2.3
##===================================================================
## Flat dotted keys, one `key = value` per line; `##` starts a full-line
## comment. A line of the form `## key = value` is a disabled example, not
## an active setting. Values set from the environment at container start
## override what is written here (see the key dump further down this page).
##--------------------------------------------------------------------
## Cluster
##--------------------------------------------------------------------
## Cluster name
cluster.name = emqcl
## Cluster discovery strategy: manual | static | mcast | dns | etcd | k8s
## Only the k8s keys below are active; the keys for the other strategies
## are kept as disabled examples.
cluster.discovery = k8s
## Cluster Autoheal: on | off
cluster.autoheal = on
## Clean down node of the cluster
## Presumably: how long a node may be down before it is removed from the
## cluster (duration with unit suffix; here 5 minutes).
cluster.autoclean = 5m
##--------------------------------------------------------------------
## Cluster with static node list (node names below are placeholders)
## cluster.static.seeds = emq1@<host1>,emq2@<host2>
##--------------------------------------------------------------------
## Cluster with multicast
## cluster.mcast.addr = 239.192.0.1
## cluster.mcast.ports = 4369,4370
## cluster.mcast.iface = 0.0.0.0
## cluster.mcast.ttl = 255
## cluster.mcast.loop = on
##--------------------------------------------------------------------
## Cluster with DNS
## cluster.dns.name = localhost
## cluster.dns.app = emq
##--------------------------------------------------------------------
## Cluster with Etcd
## cluster.etcd.server = http://127.0.0.1:2379
## cluster.etcd.prefix = emqcl
## cluster.etcd.node_ttl = 1m
##--------------------------------------------------------------------
## Cluster with k8s
## URL of the Kubernetes API server queried for peer discovery. Write it as
## a plain URL: an override containing backslash-escaped slashes
## (https:\/\/...) is presumably passed through literally and yields a
## malformed URL — verify before relying on an environment override.
cluster.k8s.apiserver = https://kubernetes.default:443
## Kubernetes Service whose endpoints are presumably listed to find peers
cluster.k8s.service_name = emqtt
## Address Type: ip | dns
## ip: peers are addressed by pod IP; dns: by pod DNS name
cluster.k8s.address_type = ip
## The Erlang application name
cluster.k8s.app_name = emqtt
##--------------------------------------------------------------------
## Node Args
##--------------------------------------------------------------------
## Node name
node.name = emqtt
## Cookie for distributed node
## SECURITY: the Erlang cookie is the only credential for node-to-node
## distribution. Anything that can reach the distribution ports
## (node.dist_listen_min/max below) and presents this cookie joins the
## cluster as a fully trusted peer. Treat it as a secret: do not keep a
## real value in a committed file, inject it from a secret store at deploy
## time, and rotate it if it has been exposed.
node.cookie = secretcookieeeetfggggg
## SMP support: enable, auto, disable
node.smp = auto
## vm.args: -heart
## Heartbeat monitoring of an Erlang runtime system
## Value should be 'on' or comment the line
## node.heartbeat = on
## Enable kernel poll
node.kernel_poll = on
## async thread pool
node.async_threads = 32
## Erlang Process Limit
node.process_limit = 2097152
## Sets the maximum number of simultaneously existing ports for this system
node.max_ports = 1048576
## Set the distribution buffer busy limit (dist_buf_busy_limit)
node.dist_buffer_size = 32MB
## Max ETS Tables.
## Note that mnesia and SSL will create temporary ets tables.
node.max_ets_tables = 2097152
## Tweak GC to run more often
node.fullsweep_after = 1000
## Crash dump
## A crash dump captures VM state and may contain in-flight message
## payloads or credentials; keep the log directory readable only by the
## broker's user.
node.crash_dump = log/crash.dump
## Distributed node ticktime
node.dist_net_ticktime = 60
## Distributed node port range
## Ports used for Erlang distribution between cluster nodes. The only check
## on an incoming distribution connection is the cookie above, so restrict
## these ports to cluster peers at the network layer (firewall /
## NetworkPolicy) rather than exposing them beyond the cluster.
node.dist_listen_min = 6369
node.dist_listen_max = 6379
##--------------------------------------------------------------------
## Log
##--------------------------------------------------------------------
## Set the log dir
## Relative paths are presumably resolved against the broker's root dir.
log.dir = log
## Console log. Enum: off, file, console, both
log.console = console
## Console log level. Enum: debug, info, notice, warning, error, critical, alert, emergency
log.console.level = error
## Syslog. Enum: on, off
log.syslog = on
## syslog level. Enum: debug, info, notice, warning, error, critical, alert, emergency
log.syslog.level = error
## Console log file
## log.console.file = log/console.log
## Info log file
## log.info.file = log/info.log
## Error log file
log.error.file = log/error.log
## Enable the crash log. Enum: on, off
log.crash = on
## Crash log file (used when log.crash = on)
log.crash.file = log/crash.log
##--------------------------------------------------------------------
## Allow Anonymous and Default ACL
##--------------------------------------------------------------------
## Allow Anonymous authentication
## SECURITY: with allow_anonymous = true, acl_nomatch = allow and the
## external TCP listener below accepting connections from all sources
## (listener.tcp.external.access.2 = allow all), any client that can reach
## port 1883 connects without credentials and may publish/subscribe to every
## topic not explicitly covered by acl_file. Outside a lab, set this to
## false (with an auth plugin enabled) and acl_nomatch to deny.
mqtt.allow_anonymous = true
## ACL nomatch
## Presumably the decision applied when no rule in acl_file matches:
## allow | deny
mqtt.acl_nomatch = allow
## Default ACL File
mqtt.acl_file = etc/acl.conf
## Cache ACL for PUBLISH
mqtt.cache_acl = true
##--------------------------------------------------------------------
## MQTT Protocol
##--------------------------------------------------------------------
## Max ClientId Length Allowed.
mqtt.max_clientid_len = 1024
## Max Packet Size Allowed, 64K by default.
## Bounds per-connection memory spent on a single inbound packet.
mqtt.max_packet_size = 64KB
## Check Websocket Protocol Header. Enum: on, off
mqtt.websocket_protocol_header = on
##--------------------------------------------------------------------
## MQTT Connection
##--------------------------------------------------------------------
## Force GC: integer. Value 0 disables the Force GC.
mqtt.conn.force_gc_count = 100
##--------------------------------------------------------------------
## MQTT Client
##--------------------------------------------------------------------
## Client Idle Timeout (Second)
mqtt.client.idle_timeout = 30s
## Max publish rate of Messages
## mqtt.client.max_publish_rate = 5
## Enable client Stats: on | off
mqtt.client.enable_stats = off
##--------------------------------------------------------------------
## MQTT Session
##--------------------------------------------------------------------
## Max Number of Subscriptions, 0 means no limit.
mqtt.session.max_subscriptions = 0
## Upgrade QoS?
mqtt.session.upgrade_qos = off
## Max Size of the Inflight Window for QoS1 and QoS2 messages
## 0 means no limit
mqtt.session.max_inflight = 32
## Retry Interval for redelivering QoS1/2 messages.
mqtt.session.retry_interval = 20s
## Client -> Broker: Max Packets Awaiting PUBREL, 0 means no limit
mqtt.session.max_awaiting_rel = 100
## Awaiting PUBREL Timeout
mqtt.session.await_rel_timeout = 20s
## Enable Statistics: on | off
mqtt.session.enable_stats = off
## Session expiry interval (e.g. 1d expires after one day). Unit suffixes:
## w - week
## d - day
## h - hour
## m - minute
## s - second
mqtt.session.expiry_interval = 2h
## Ignore message from self publish
mqtt.session.ignore_loop_deliver = false
##--------------------------------------------------------------------
## MQTT Message Queue
##--------------------------------------------------------------------
## Type: simple | priority
mqtt.mqueue.type = simple
## Topic Priority: 0~255, Default is 0
## mqtt.mqueue.priority = topic/1=10,topic/2=8
## Max queue length. Enqueued messages when persistent client disconnected,
## or inflight window is full. 0 means no limit.
mqtt.mqueue.max_length = 1000
## Low-water mark of queued messages
mqtt.mqueue.low_watermark = 20%
## High-water mark of queued messages
mqtt.mqueue.high_watermark = 60%
## Queue Qos0 messages?
mqtt.mqueue.store_qos0 = true
##--------------------------------------------------------------------
## MQTT Broker and PubSub
##--------------------------------------------------------------------
## System Interval of publishing broker $SYS Messages
mqtt.broker.sys_interval = 60
## PubSub Pool Size. Default should be scheduler numbers.
mqtt.pubsub.pool_size = 8
## Presumably: shard pubsub work by client id (true) rather than by topic.
mqtt.pubsub.by_clientid = true
## Subscribe Asynchronously
mqtt.pubsub.async = true
##--------------------------------------------------------------------
## MQTT Bridge
##--------------------------------------------------------------------
## Bridge Queue Size
mqtt.bridge.max_queue_len = 10000
## Ping Interval of bridge node. Unit: Second
mqtt.bridge.ping_down_interval = 1
##-------------------------------------------------------------------
## MQTT Plugins
##-------------------------------------------------------------------
## Dir of plugins' config
## Style: the value below lacks the space after `=` used everywhere else.
## Harmless if the parser trims whitespace (likely); normalize to
## `mqtt.plugins.etc_dir = etc/plugins/` when next editing.
mqtt.plugins.etc_dir =etc/plugins/
## File to store loaded plugin names.
mqtt.plugins.loaded_file = data/loaded_plugins
##--------------------------------------------------------------------
## MQTT Listeners
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## External TCP Listener
## Accepted address forms: 1883, 127.0.0.1:1883, ::1:1883
## Bound to all interfaces; plaintext MQTT with no transport security.
listener.tcp.external = 0.0.0.0:1883
## Size of acceptor pool
listener.tcp.external.acceptors = 64
## Maximum number of concurrent clients
listener.tcp.external.max_clients = 1000000
## listener.tcp.external.mountpoint = external/
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## listener.tcp.external.rate_limit = 100,10
## Access rules, presumably evaluated in numeric order. The CIDR allow rule
## (access.1) is disabled and access.2 admits every source, so this listener
## accepts connections from anywhere; read together with
## mqtt.allow_anonymous above when judging exposure.
## listener.tcp.external.access.1 = allow 192.168.0.0/24
listener.tcp.external.access.2 = allow all
## Proxy Protocol V1/2
## Only enable behind a load balancer that actually sends the PROXY header;
## otherwise clients could supply their own source address.
## listener.tcp.external.proxy_protocol = on
## listener.tcp.external.proxy_protocol_timeout = 3s
## TCP Socket Options
listener.tcp.external.backlog = 1024
## listener.tcp.external.recbuf = 4KB
## listener.tcp.external.sndbuf = 4KB
listener.tcp.external.buffer = 4KB
listener.tcp.external.nodelay = true
##--------------------------------------------------------------------
## Internal TCP Listener
## Accepted address forms: 11883, 127.0.0.1:11883, ::1:11883
## Loopback only: reachable from processes on the same host/pod.
listener.tcp.internal = 127.0.0.1:11883
## Size of acceptor pool
listener.tcp.internal.acceptors = 16
## Maximum number of concurrent clients
listener.tcp.internal.max_clients = 102400
## NOTE(review): the original disabled line here read
## `listener.tcp.external.mountpoint = internal/` (copy-paste from the
## external section); enabling it as written would have changed the
## EXTERNAL listener's mountpoint. Corrected key shown below.
## listener.tcp.internal.mountpoint = internal/
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## listener.tcp.internal.rate_limit = 1000,100
## TCP Socket Options
listener.tcp.internal.backlog = 512
listener.tcp.internal.tune_buffer = on
listener.tcp.internal.buffer = 1MB
listener.tcp.internal.recbuf = 4KB
listener.tcp.internal.sndbuf = 1MB
listener.tcp.internal.nodelay = true
##--------------------------------------------------------------------
## External SSL Listener
## Accepted address forms: 8883, 127.0.0.1:8883, ::1:8883
## A bare port presumably binds all interfaces (matches the start-up log
## "mqtt:ssl listen on 0.0.0.0:8883").
listener.ssl.external = 8883
## Size of acceptor pool
listener.ssl.external.acceptors = 32
## Maximum number of concurrent clients
listener.ssl.external.max_clients = 500000
## listener.ssl.external.mountpoint = inbound/
## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
## listener.ssl.external.rate_limit = 100,10
## Proxy Protocol V1/2
## listener.ssl.external.proxy_protocol = on
## listener.ssl.external.proxy_protocol_timeout = 3s
listener.ssl.external.access.1 = allow all
### SSL Options. See http://erlang.org/doc/man/ssl.html
### Protocol versions. While this line is disabled the Erlang ssl defaults
### for the installed OTP apply. Enabling it as shown pins TLS 1.0-1.2 and
### excludes SSLv3 (POODLE); prefer `tlsv1.2` alone unless legacy clients
### require the older versions.
## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
### The Ephemeral Diffie-Hellman key exchange is a very effective way of
### ensuring Forward Secrecy by exchanging a set of keys that never hit
### the wire. Since the DH key is effectively signed by the private key,
### it needs to be at least as strong as the private key. In addition,
### the default DH groups that most of the OpenSSL installations have
### are only a handful (since they are distributed with the OpenSSL
### package that has been built for the operating system it's running on)
### and hence predictable (not to mention, 1024 bits only).
### In order to escape this situation, first we need to generate a fresh,
### strong DH group, store it in a file and then use the dhfile option
### below to force our SSL application to use the new DH group. Fortunately,
### OpenSSL provides us with a tool to do that. Simply run:
### openssl dhparam -out dh-params.pem 2048
listener.ssl.external.handshake_timeout = 15s
## Server private key and certificate. The key file must be readable only by
## the broker's user; the same pair is reused by the wss listener below.
listener.ssl.external.keyfile = etc/certs/key.pem
listener.ssl.external.certfile = etc/certs/cert.pem
## Client-certificate authentication is disabled while the three lines below
## stay commented: any client that trusts the server certificate may connect
## (subject to the MQTT-level auth settings above). Enable cacertfile,
## verify = verify_peer and fail_if_no_peer_cert = true together for
## mutual TLS.
## listener.ssl.external.cacertfile = etc/certs/cacert.pem
## listener.ssl.external.dhfile = etc/certs/dh-params.pem
## listener.ssl.external.verify = verify_peer
## listener.ssl.external.fail_if_no_peer_cert = true
### This is the single most important configuration option of an Erlang SSL application.
### Ciphers (and their ordering) define the way the client and server encrypt information
### over the wire, from the initial Diffie-Hellman key exchange, the session key encryption
### algorithm and the message digest algorithm. Selecting a good cipher suite is critical
### for the application's data security, confidentiality and performance.
### The cipher list below offers:
###
### A reasonable balance with compatibility for older browsers; it can be made stricter for Machine-To-Machine scenarios.
### Perfect Forward Secrecy.
### No old/insecure encryption and HMAC algorithms
###
### Most of it was copied from Mozilla's Server Side TLS article
### NOTE(review): the example list does not fully match the description
### above. ECDHE-ECDSA-DES-CBC3-SHA is 3DES (legacy 64-bit block cipher),
### and the ECDH-* (static ECDH) and plain AES*-GCM-SHA* / AES*-SHA* (RSA key
### transport) suites provide no forward secrecy. For machine-to-machine
### use, trim to the ECDHE-/DHE- AES-GCM suites only.
## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
### SSL parameter renegotiation is a feature that allows a client and
### a server to renegotiate the parameters of the SSL connection on the fly.
### RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
### you drop support for the insecure renegotiation, prone to MitM attacks.
### NOTE(review): the disabled example below sets `off`, the opposite of
### what the paragraph above recommends; when enabling this key, use `on`.
## listener.ssl.external.secure_renegotiate = off
### A performance optimization setting, it allows clients to reuse
### pre-existing sessions, instead of initializing new ones.
### See the reuse_sessions option in the Erlang ssl documentation linked above.
## listener.ssl.external.reuse_sessions = on
### An important security setting, it forces the cipher to be set based on
### the server-specified order instead of the client-specified order,
### hence enforcing the (usually more properly configured) security
### ordering of the server administrator.
## listener.ssl.external.honor_cipher_order = on
### Use the CN or DN value from the client certificate as a username.
### Notice: 'verify' should be configured as 'verify_peer'
## listener.ssl.external.peer_cert_as_username = cn
## SSL Socket Options
## listener.ssl.external.backlog = 1024
## listener.ssl.external.recbuf = 4KB
## listener.ssl.external.sndbuf = 4KB
## listener.ssl.external.buffer = 4KB
## listener.ssl.external.nodelay = true
##--------------------------------------------------------------------
## External MQTT/WebSocket Listener
## Plaintext WebSocket, all interfaces, open to every source address
## (access.1 = allow all); same exposure considerations as the external
## TCP listener above.
listener.ws.external = 8083
listener.ws.external.acceptors = 16
listener.ws.external.max_clients = 250000
listener.ws.external.access.1 = allow all
## TCP Options
listener.ws.external.backlog = 1024
listener.ws.external.recbuf = 4KB
listener.ws.external.sndbuf = 4KB
listener.ws.external.buffer = 4KB
listener.ws.external.nodelay = true
##--------------------------------------------------------------------
## External MQTT/WebSocket/SSL Listener
listener.wss.external = 8084
listener.wss.external.acceptors = 4
listener.wss.external.max_clients = 64
listener.wss.external.access.1 = allow all
## SSL Options
## Reuses the key/cert pair of the ssl listener; no tls_versions or ciphers
## are set here, so the Erlang ssl defaults apply to this listener.
listener.wss.external.handshake_timeout = 15s
listener.wss.external.keyfile = etc/certs/key.pem
listener.wss.external.certfile = etc/certs/cert.pem
## Client-certificate authentication disabled (see the ssl listener notes).
## listener.wss.external.cacertfile = etc/certs/cacert.pem
## listener.wss.external.verify = verify_peer
## listener.wss.external.fail_if_no_peer_cert = true
##--------------------------------------------------------------------
## HTTP Management API Listener
## Bound to loopback: the management API is only reachable from the same
## host/pod (e.g. via a sidecar or port-forward), not from other cluster
## workloads even if a Service publishes port 8080. Keep it that way unless
## the API is placed behind authentication.
listener.api.mgmt = 127.0.0.1:8080
listener.api.mgmt.acceptors = 4
listener.api.mgmt.max_clients = 64
listener.api.mgmt.access.1 = allow all
##-------------------------------------------------------------------
## System Monitor
##-------------------------------------------------------------------
## Long GC, don't monitor in production mode for:
## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
sysmon.long_gc = false
## Long Schedule(ms)
sysmon.long_schedule = 240
## Large-heap alarm threshold.
## 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM.
sysmon.large_heap = 8MB
## Busy Port
sysmon.busy_port = false
## Busy Dist Port
## Raises an alarm when a distribution port is busy; useful for spotting
## saturated inter-node links.
sysmon.busy_dist_port = true
## Effective key=value overrides as printed at container start (presumably
## derived from EMQ_*__* environment variables; the spacing differs from
## the emq.conf above). Review notes:
## - Several keys appear twice (cluster.k8s.service_name, cluster.discovery,
##   cluster.k8s.app_name, cluster.k8s.apiserver, cluster.autoclean,
##   cluster.autoheal, cluster.k8s.address_type, cluster.name). Which copy
##   wins is parser-dependent; emit each key once.
## - cluster.k8s.apiserver carries literal `\/` sequences. A YAML
##   double-quoted scalar "https:\\/\\/..." decodes to exactly this, so the
##   broker is handed a malformed API-server URL — a plausible cause of the
##   peer-discovery failure logged below ("not responding to pings"). Write
##   the URL unescaped at its source.
## - node.cookie is the cluster's only distribution credential and is shown
##   in plaintext; supply it from a Kubernetes Secret rather than a literal.
listener.ssl.external.acceptors=32
node.max_ets_tables=2097152
node.process_limit=2097152
cluster.k8s.service_name=emqtt
cluster.k8s.service_name=emqtt
listener.ws.external.acceptors=16
cluster.discovery=k8s
cluster.discovery=k8s
node.cookie=secretcookieeeetfggggg
node.name=emqtt
cluster.k8s.app_name=emqtt
cluster.k8s.app_name=emqtt
listener.tcp.external.max_clients=1000000
cluster.k8s.apiserver=https:\/\/kubernetes.default:443
cluster.k8s.apiserver=https:\/\/kubernetes.default:443
cluster.autoclean=5m
cluster.autoclean=5m
cluster.autoheal=on
cluster.autoheal=on
listener.ssl.external.max_clients=500000
node.max_ports=1048576
cluster.k8s.address_type=ip
cluster.k8s.address_type=ip
listener.tcp.external.acceptors=64
log.console=console
cluster.name=emqcl
cluster.name=emqcl
listener.ws.external.max_clients=250000
## `name` is not an emq.conf key; presumably the pod/host name leaking from
## the entrypoint's environment.
name=emqtt-1
Node '[email protected]' not responding to pings.
['2017-07-28T23:07:05Z']:waiting emqttd
Node '[email protected]' not responding to pings.
Exec: /opt/emqttd/erts-8.1/bin/erlexec -noshell -noinput +Bd -boot /opt/emqttd/releases/2.3/emqttd -mode embedded -boot_var ERTS_LIB_DIR /opt/emqttd/erts-8.1/../lib -mnesia dir "/opt/emqttd/data/mnesia/emqtt" -config /opt/emqttd/data/configs/app.2017.07.28.23.07.05.config -args_file /opt/emqttd/data/configs/vm.2017.07.28.23.07.05.args -vm_args /opt/emqttd/data/configs/vm.2017.07.28.23.07.05.args -- foreground
Root: /opt/emqttd
=INFO REPORT==== 28-Jul-2017::23:07:06 ===
alarm_handler: {set,{system_memory_high_watermark,[]}}
starting emqttd on node '[email protected]'
emqttd ctl is starting...[ok]
emqttd hook is starting...[ok]
emqttd router is starting...[ok]
emqttd pubsub is starting...[ok]
emqttd stats is starting...[ok]
emqttd metrics is starting...[ok]
emqttd pooler is starting...[ok]
emqttd trace is starting...[ok]
emqttd client manager is starting...[ok]
emqttd session manager is starting...[ok]
emqttd session supervisor is starting...[ok]
emqttd wsclient supervisor is starting...[ok]
emqttd broker is starting...[ok]
emqttd alarm is starting...[ok]
emqttd mod supervisor is starting...[ok]
emqttd bridge supervisor is starting...[ok]
emqttd access control is starting...[ok]
emqttd system monitor is starting...[ok]
emqttd 2.3 is running now
['2017-07-28T23:07:07Z']:waiting emqttd
['2017-07-28T23:07:07Z']:emqttd start
Load emq_mod_presence module successfully.
Load emq_mod_subscription module successfully.
dashboard:http listen on 0.0.0.0:18083 with 2 acceptors.
mqtt:tcp listen on 127.0.0.1:11883 with 16 acceptors.
mqtt:tcp listen on 0.0.0.0:1883 with 64 acceptors.
mqtt:ws listen on 0.0.0.0:8083 with 16 acceptors.
mqtt:ssl listen on 0.0.0.0:8883 with 32 acceptors.
mqtt:wss listen on 0.0.0.0:8084 with 4 acceptors.
mqtt:api listen on 127.0.0.1:8080 with 4 acceptors.
# Headless Service for the emqtt StatefulSet (clusterIP: None publishes the
# pod endpoints under the service DNS name instead of a virtual IP).
# Note: 8080 (management API) and 18083 (dashboard) are published to every
# workload that can resolve this service; as configured on this page the
# management API binds 127.0.0.1 and will not answer on 8080 from outside
# the pod, while the dashboard listens on 0.0.0.0:18083. Restrict reach with
# a NetworkPolicy if the dashboard should not be cluster-wide.
apiVersion: v1
kind: Service
metadata:
  name: emqtt
  namespace: emqtt
  labels:
    app: emqtt
spec:
  ports:
  # plaintext MQTT
  - port: 1883
    name: mqtt
  # MQTT over TLS
  - port: 8883
    name: mqttssl
  # HTTP management API
  - port: 8080
    name: mgmt
  # web dashboard
  - port: 18083
    name: dashboard
  # presumably EPMD (Erlang port mapper); distribution ports 6369-6379 are
  # not published here — with address_type = ip peers talk pod-to-pod
  - port: 4369
    name: mapping
  clusterIP: None
  selector:
    app: emqtt
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: emqtt
namespace: emqtt
spec:
replicas: 3
serviceName: emqtt
template:
metadata:
labels:
app: emqtt
spec:
containers:
- name: emqtt
image: felipejfc/emqtt:v1
ports:
- containerPort: 1883
- containerPort: 8883
- containerPort: 8080
- containerPort: 18083
- containerPort: 4369
- containerPort: 4370
- containerPort: 6369
- containerPort: 6370
- containerPort: 6371
- containerPort: 6372
- containerPort: 6373
- containerPort: 6374
- containerPort: 6375
- containerPort: 6376
- containerPort: 6377
- containerPort: 6378
readinessProbe:
tcpSocket:
port: 1883
initialDelaySeconds: 5
periodSeconds: 10
env:
- name: EMQ_CLUSTER__DISCOVERY
value: "k8s"
- name: EMQ_CLUSTER__K8S__APISERVER
value: "https:\\/\\/kubernetes.default:443"
- name: EMQ_CLUSTER__K8S__SERVICE_NAME
value: "emqtt"
- name: EMQ_CLUSTER__K8S__ADDRESS_TYPE
value: "ip"
- name: EMQ_CLUSTER__K8S__APP_NAME
value: "emqtt"
- name: EMQ_NODE__NAME
value: "emqtt"
- name: EMQ_NODE__COOKIE
value: "secretcookieeeetfggggg"
- name: EMQ_CLUSTER__NAME
value: "emqcl"
- name: EMQ_CLUSTER__AUTOHEAL
value: "on"
- name: EMQ_CLUSTER__AUTOCLEAN
value: "5m"